Many institutions and corporations back up their data and use removable data storage items such as tape cartridges as the storage mechanism. Data are usually backed up in a secure location such as an off-site library from where data can be restored in the event of disaster recovery. There have been instances of company data potentially losing its confidentiality due to the loss of backup tape cartridges. In the event that the data on a lost tape cartridge has not been encrypted, that data would be relatively easy for a non-authorised user to read. That situation is undesirable.
Where the backed up data are extremely sensitive, a need is perceived to encrypt the data and thereby improve security. Encryption technology exists that can make the data on tape cartridges unreadable to any person without a correct decryption key. There may be a separate encryption/decryption key. It is difficult to manage the availability of encryption, decryption and encryption/decryption keys, especially in an environment with a multitude of tape cartridges.
The encryption of backup data on tape cartridges may be achieved in many ways and one method is for the backup device—the tape drive in this example—to perform the encryption and provide the encrypted data to the tape cartridge. This can work well but there remains the issue of managing the encryption key or keys used to encrypt the data on a tape cartridge. The encryption key or keys are stored in the tape drive or accessed by the tape drive and must match the key used to encrypt the data if the data is to be recovered. One method relies on the key or keys being provided by a host computer and sent to the tape drive via a SCSI command. The main issue with this is the management of the keys. Specific keys must be associated with specific pieces of data on specific tape cartridges. To restore the data the appropriate key must be found. In an environment with a lot of tape cartridges and potentially after a site disaster, this is not a trivial task.
Another solution is the use of backup software with encryption. This encrypts data as part of the process of reading the data from the disks or host computer and before passing the data to the tape drive. This has not been very popular because of the limited data throughput performance that may be obtained in comparison with hardware based encryption. Also, this method does not have an intrinsic key management system that guarantees the availability of the correct key for a specific cartridge.
A further solution involves an encryption appliance situated between the host computer and the tape drive. These often have similar throughput limitations to the software solution and still have key management issues.
All the existing solutions present difficulties in selecting the right key following a disaster.