
Backup media encryption
The most commonly used type of encryption takes place on the backup media — either on the server driving the tape backup device (for example, the media server in a Veritas environment), or on the tape drive itself.
When implemented on the tape server, encryption can dramatically reduce the performance of the backup system, since a large portion of the server's CPU resources is diverted to perform the encryption. Using a tape drive that provides its own encryption processing can reduce the overall load on the tape server. These drives are expensive, however, and require that all tape units be of the same model or family to achieve full encryption.
Backup device encryption
The key difference between backup device encryption and backup media encryption is the location at which the encryption is performed. Encryption at the backup device level provides much stronger overall data security, because the data can be encrypted once (at the device) and remain encrypted regardless of its location at any future time.
If data is encrypted as it arrives at the device, then the data stored on the backup device for local rapid recovery is also protected from inside attacks. This approach avoids the performance degradation associated with file system encryption, and also removes the complexity of applying encryption tools across multiple operating systems.