I will limit my comments to why, from an IT perspective, tape encryption is
important. Hacking has different solutions and the higher salaries paid to
employees who are likely to be good hackers makes them less of a security
threat than the average person and pay involved in the offsite transfer of
tapes.
The problem of data loss through tapes has been solved from an IT
perspective.
Encryption will not slow backups if you purchase an encryption appliance.
It will if you use software, CPUs on backup servers, or any other
non-chipped-based solution. The appliance hardware on the market will allow
you to transmit the encryption keys in an encrypted format to a remote
location. Thus if you lose your site then the tape vault can send tapes to
the alternate remote location where access to the keys can be securely
granted.
Encryption of tapes is the only way to ensure that you won't lose data that
you ship, via tape, somewhere else.
If you aren't convinced that this solves the problem consider this: The
sorts of military surveillance planes that lost so much data when one was
forced to land in China are now equipped with the same sort of encryption
appliances. Now if the plane goes down the crew pushes a button to destroy
the encryption keys. This is how the military expects to protect data from
all of the computing power and resources of any foreign government.
Now consider the alternative proposed by Gerald: Put money into a strong
contract with an SLA. IronMountian is a good vendor and reports out a
99.995% SLA for securing tapes. Not bad except they transport millions of
tapes a year. Do you think you could find a vendor with a better SLA? And
if you did will it help you if your tape is the 1 in 100,000 lost with a
99.999% SLA and then your company is in the news in California because it
legally has to report the loss? Would the SLA penalty cover your loss
through adverse publicity.
There is another risk to consider: How much do you think the folks who man
the vendor's tape transport trucks are paid? How hard do you think it would
be to bribe one of them to leave a key in the truck so that it could be
stolen on a bathroom break. How much value would there be in a few dozen
tapes holding a couple of terabytes of data and, potentially, information
worth millions of dollars to competitors or thieves.
In the cases like those alluded to, where tapes were left on a curbside or
at an airport, if the tapes are encrypted you really can forget about it, if
they aren't then California law likely requires that you report it and
prepare your CIO for the bad press in the morning papers. In the latter
case telling him/her that you had worked out a great SLA probably won't help
with your job retention. Teh California law specifically exempts encrypted
data from the reporting requirement.
Gerard J. Nicol writes:
> Hugh/Jay,
>
> I am not sure if encryption does slow backups. Encryption is a CPU intensive
> operation. CPU speed increases significantly each year. It is IO and Network
> speeds that increase at a slower rate than data growth.
>
> What needs to be understood here is the obvious disconnect between how IT
> people think, and how most other people think.
>
> In IT, theoretically nothing is impossible. In practice IT is about
> trade-offs.
>
> Trade-offs are the basis of the SLA (Service Level Agreement).
>
> For instance, does it annoy you that Windows takes 60 seconds to start? We
> can fix that for a price. Oh, you are too stingy to pay that price, so let's
> agree that 60 seconds is OK.
>
> If we are talking about tapes here, I think people are missing the point if
> they think it is about encryption.
>
> Although privacy is now a critical part of our society, the ability of
> society to continue to function is more important.
>
> If your offsite vendor is leaving your tapes on the curb, or sending them to
> an airfield never to be seen again forget encryption, use the money to put
> in place a strong contract and SLA with a competent vendor.
>
> That way, in the event that you need your tapes for a true disaster you are
> not left pondering how the company might now be out of business but at least
> if the tapes turn up in the hands of someone who has a spare 3490 tape drive
> at home people's privacy might be protected.
>
> If you are interested in discussing what you should be putting in an SLA, I
> would be more than happy to assist.
>
> Gerard
>
> List archives at http://lists.ufl.edu/archives/recmgmt-l.html
> Contact [log in to unmask] for assistance
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
|