The data storage industry is experiencing a boom fueled in part by aggressive cost reduction of data storage due to advances in storage technology, broadened international accessibility to the internet and the World Wide Web, and the public's appetite to accumulate data. Unfortunately, with the boom has come associated undesirable activities, such as data attacks and data theft. Data stored in data storage libraries are among the primary targets of such attacks and theft.
Data storage libraries serve as data receptacles for a variety of clients, including businesses, governments, and the general population. These libraries are generally comprised of drive storage devices adapted to read and write data to and from media which can be archived within the libraries. Traditionally, tape media has been used in many of the mainstream storage libraries due to the relatively high storage capacity and data integrity robustness of tapes. One advantage of tape is mobility, providing achievability in remote locations called “vaults”, making an ‘on-line’ data attack difficult, if not impossible. However, should an attacker acquire a tape, the data stored on the tape may be subject to unwanted access. In attempts to prevent unwanted access, the tape, or other mobile media capable of being used in a data storage library, can be armed with a number of security measures including data encryption. One fundamental component of data encryption is the knowledge of how to decode or decrypt the data; such knowledge is known to those skilled in the art as the key. In order to increase security of data, decryption keys can be changed from one data set to another frequently enough to instill sufficient confidence that the encrypted data is secure.
Dealing with numerous keys associated with various mobile media that may be located in a variety of different locations can not only be a management challenge, it can be time consuming. Some clients using a data storage library may consider data encryption as a required feature to protect their data, while other clients may prefer to forgo encryption protection in the interest of conserving resources and time associated with key management. Also, managing the encryption requirements of different clients on in a commonly used data storage library can be complex and problematic.
In an effort to manage differing encryption of stored data on mobile media (within a library or vault, for example) for multiple clients using a common library, both methods and apparatus are disclosed herein. It is to innovations related to this subject matter that the claimed invention is generally directed.