Encryption is the surest way for an enterprise to confidently secure its mission critical data.  For many organizations this begins with protecting data stored on archival tape, and encryption mitigates the risk associated with tapes being lost or stolen while in transit. 

Tape media is considered the most reliable and prevalent source for enterprise data recovery, yet while access controls and tighter infrastructure management provisions may have been implemented, these safeguards don't encompass the tape media itself.  This means that most data stored on removable media can be lost, stolen or compromised. Unauthorized users can readily read tape data, analyze confidential information, and even rebuild entire systems - without a trace. The greater the availability and sensitivity of backup data, the greater the risk.

Tape encryption raises specific challenges in relation to key management, including:
 
• Long term data archival – The archival of encrypted data creates the need to archive encryption 
  keys for equally long periods of time. The long term availability of keys is vital for ensure future
  recovery of encrypted data.
• High grade data security – The encryption of data focuses the attention of a would-be attacker
  on the encryption keys rather than the data itself. Key management systems create a natural
  honeypot for key theft attacks and therefore require high levels of physical and logical security.
• Secure access and approval controls for administrators – Data recovery naturally becomes a
  critical-security function requiring strong authentication of administrators and dual control
  (shared responsibility) for key management tasks.
• Secure audit – All key management activities associated with tape backup and recovery require
  strong audit logging to satisfy internal security policies, compliance audits and forensic
  investigations. All audit logs should be tamper resistant and of proven integrity.
• Support for multiple locations - Data archival and recovery are frequently performed in
  geographically different data centers and create a requirement to distribute keys securely to
  multiple locations from a central key vault.
• Fast response – Tape recovery is frequently performed in response to time-critical situations.
  Key management systems need to provide near-instant access to recovery keys and delivery to
  recovery locations.

nCipher solutions for encrypting tape drives and key management

For organizations that need encrypting tape drives nCipher offers the CryptoStor product line, recently acquired from NeoScale Systems, and the keyAuthority enterprise key management system. 

Secure Tape
The CryptoStor Tape solution delivers enterprise-class data protection and privacy for tape media and virtual tape.  An easy-to-deploy high speed security applicance, CryptoStor Tape selectively compresses, encrypts, and cryptographically authenticates data on tape media - without disruption to existing backup processes.  The result? Data stored on removable media is safe and secure from loss or theft.

Enterprise Key Management
If your organization has already deployed encrypting tape drives, such as the IBM LT04 series, nCipher provides a world class key management system, keyAuthority, that integrates with the tape system via industry standard APIs and connects the tape drive as an end-point for the keyAuthority system. keyAuthority strengthens key management for encrypting tape drives:

• Adds hardware-based key generation, secure archive and life cycle management functionality.
• Enhances scalability: multiple data-centers and libraries have access to central key repository.
• Supports portability of tapes between data centers.
• Enables best practice key management practice to be applied to tape environment.
• Proven integration; short proof of concept and deployment projects.

Cryptostor Tape

High speed security appliance to secure data stored on tape from loss, theft or compromise. more