1. Technical Field
The invention relates to data backup applications that involve the grouping of criteria and attributes for the encryption of media. More particularly, the invention relates to tape backup of data using pool encryption with automatic detection.
2. Description of the Prior Art
As organizations seek to manage and store burgeoning volumes of data, storage networks continue to increase in size and complexity. IT teams are tasked with the growing challenge of ensuring this mass of data is available. They must back up data, restore data as needed, and ensure that data is protected in the event of a disaster. Today's backup technologies go a long way toward addressing these requirements. However, they do not take into account the security and privacy of the data itself.
By nature, backup procedures introduce additional threats to stored data. For example, with each additional distributed copy of cleartext data, organizations increase the risk of unauthorized access. Most disaster recovery plans place data offsite in a remote or outsourced facility, most likely with less stringent security. Further, information density continues to increase. When hundreds of gigabytes of data are easily stored on a single backup tape, the stakes go up significantly if that tape goes missing.
Storage security appliances, such as the Decru DataFort™, which is a computer system manufactured by Decru (Redwood City, Calif.), provide a solution that simplifies data security in these scenarios. The storage security appliance also includes an operating system, or other similar software, that performs the functions of the storage security appliance, such as encryption. By encrypting data before they are ever written to disk or tape, storage security appliances ensure that only authorized people are able to read data, and fully protect data against unauthorized access if a disk or tape is lost or stolen.
It is known to perform encryption on a per-host basis. However, this only makes sense if all the hosts that are part of a media-server group reference the same key or set of keys for encrypting media, because each of the servers in the group must be able to read and append to the same set of tapes. If the goal is to hide data from a different media-server group, then different keys could be granted to the second media-server group, such that permissions to the first group's keys would not be granted to the second group. Selectively sharing tapes between two media-server groups becomes difficult with this method because, to create a set of media which uses a shared key yet retain the ability to create data encrypted with a private key, one would have to rotate a host key manually from a private key to a shared key, and back to the private key.
In such a storage environment, it is advantageous to group resources for the benefit of group members. This makes the most efficient use of such resources. It is thus known to consolidate storage devices into a shared configuration which is referred to as a pool. For example, a tape pool comprises a collection of available storage devices of the same media type, i.e. tape storage devices, that are consolidated to provide a shared resource to two or more users. Thus, in pool encryption, a set of shared tapes is created by assigning media to a pool which is designated to be shared with a second media server group, with no changes necessary on the encryption device. While a single key is convenient to manage such a pool across a large deployment, if this key is compromised, then all of the data in the pool is vulnerable. Again, in this approach, manual key rotation may be used to share a selected data set with another location.
A further aspect of such a storage security appliance concerns logically grouping the criteria and attributes to be used for encrypting media according to the backup application's grouping of media. Backup applications, such as Veritas NetBackup, allow the grouping of media into media pools. It can also be convenient to keep these pools of media cryptographically separated. For example, if one tape pool is destined to be shipped offsite versus being kept onsite, then it would be useful to encrypt such offsite tapes because these tapes are more vulnerable by virtue of their being offsite. By way of further example, if tapes from a customer pool are to be sent to many different customers, it would be useful to encrypt these tapes using a unique key per tape to keep each customer's data private.
It would therefore be advantageous to provide a mechanism for selectively encrypting media within a media pool.
It would also be advantageous to provide a mechanism by which more than one key can be used for encrypting such media.