Tape Media

Tape Drives

Removable Disk Storage

Imation RDX

Imation RDX Bundles

Imation RDX Media Secure

Tandberg Data RDX QuikStor

Tandberg Data RDX QuikStation

Quantum RDX

HP RDX Removable Disk


Dell RD1000

Quantum SuperLoader 3

Quantum Scalar i40 Scalar i80

Overland NEO Tape Libraries

Overland NEOs StorageLoader

Overland NEOs T24 Loader

Overland NEOs T48 Library

Overland NEO XL Series

Tape Drive Autoloaders

HP StoreEver Tape Libraries

Tandberg Data Storage Library

Qualstar Q24 Tape Autoloader

Qualstar Q48 Tape Autoloader

Qualstar Tape Libraries

Overland Storage NEO S

NAS Storage

SnapServer NAS

SnapServer XSD 40 NAS

SnapServer XSR NAS Series

SnapServer XSR 40 NAS

SnapServer XSR 120 NAS

SnapServer DX DynamicRAID

SnapServer DX1/DX2 Bundles

SnapScale X2 Clustered NAS

SnapScale X4 Scalable NAS

Snap Server Support

Snap Server Software

G-Technology Storage

WD My Cloud NAS

ioSafe Disaster Proof NAS

LenovoEMC StorCenter NAS

LenovoEMC px4-400d/ px4-400r

LenovoEMC px12-400r NAS

LenovoEMC px12-450r NAS

LenovoStorage N3310 / N4610

Pegasus RAID Storage for MAC

Pegasus2 RAID Thunderbolt

SnapSAN S1000 Storage Array

Nexsan Storage

Software Backup Novastor

Adaptec SCSI HBA Cards



ATTO 10GbE NIC Cards



Cables & Terminators

Barcode Labels

Turtle Storage Cases

HP Toner Cartridges

Imation Defender Flash Security

Repair Services

Reconditioned Tape Drives

Custom Sequence Barcode Labels for all your Tape Media - DLT, SDLT AIT and LTO FREE LTO BARCODE LABELS

HP LTO-7 Tape Media 6TB Native 15TB Compressed

mTape LTO-6 with Thunderbolt Connectivity for MAC

Browse by Manufacturer
Mailing Lists

Securing Sensitive Information: Securing data with LTO-4 tape drive encryption

Each month many companies, big or small, well known or unknown, experience a data security loss with the potential exposure of thousands to millions of sensitive customer or employee records. Recent regulatory actions have made such losses much more onerous.  Corporations need to reduce the financial risks of a security breach as well as protect their brand reputation. As such, corporate management is looking to CIOs to minimize these risks with effective security for all sensitive corporate data, wherever it may reside.

Encryption has emerged as a best practice mechanism to security breach risk. As an important consideration for corporate officers cryptographic methods will be examined that can mitigate risks associated with data security breaches, specifically tape data encryption. LTO technology is the most widely adopted data storage tape format and as such, LTO-4 drive encryption will be discussed below.

The LTO-4 Tape Drive encryption is specified as part of the LTO-4 open standard format with a 256-bit symmetric key AES-GCM algorithm implemented in tape drive hardware and fully supports the IEEE standard (P1619.1) for tape based encryption and the new SCSI encryption augmented (T10) command set. The symmetric key is transmitted to the tape transport prior to being used for encrypting data written to or decrypting data read from the media.

The key is not transferred to the tape cartridge and is only retained by the drive during the encryption process. Instead a key identification tag is written and stored on the tape volume. This key identification tag on the tape media provides efficient search access to the necessary information used by the key management system to recall the required encryption key.

Transmission of the keys to the LTO-4 tapes is typically accomplished by using a backup application that supports application managed encryption (AME), by using a tape library that supports library managed encryption (LME), or by using a Key Management Appliance. Most organizations implement LME and tape libraries from IBM, HP, Quantum, Sun, and others support LME tape encryption.

With LME, the tape library has a list of cartridge volume serial numbers that are designated for encryption.

  • The backup application requests a mount of a cartridge that is in the library encryption list.

  • The library uses the library-to-drive interface to tell the drive to encrypt data on that cartridge.

  • The drive requests a symmetric key from the key management software via the libraries IP interface with the key management system and also requests a key tag for the drive to store on the cartridge for subsequent symmetric key identification.

In addition, LME encryption is transparent to the backup application. As such, usually no changes are needed to backup applications. LME can be ideal for environments that have a number of heterogeneous backup applications or servers.

LTO-4 tape libraries can sometimes be partitioned to further support the separation of encrypted from non-encrypted data. Specifically, one or more partitions can be configured to accept only encrypted data whereas the remaining partition(s) only accept non-encrypted data. Some libraries with advanced library management capabilities provide security policy based selection of encryption and specific keys; these can dynamically support a mix of encrypted and non-encrypted cartridges in variable slot locations without needing to use partitions.

Both compression and encryption significantly modify data and can both be performed by an LTO-4 tape drive for the same data on a given tape. In this case, the LTO-4 tape drive first compresses user data and then encrypts it. Thus, the LTO-4 drive can maximize the tape cartridge data capacity and address data security concerns. Also, encrypted data can be added or appended to an LTO-4 encrypted tape cartridge allowing the cartridge capacity to be fully utilized.

Shopping Cart
Your cart is empty.

Tandberg Data RDX Quikstor Removable Disk Cartridges

Imation FREE Docking Station Promotion with Purchase of select RDX Cartridges

HP RDX - FREE RDX External USB 3.0 Docking Station

ATTO ExpressSAS 6Gb/s RAID Adapters

Free Shipping UPS Ground - $500 min. order

Repair Services - 6 Month Warranty Fast Turnaround

Outlet Center - Refurbished Tape Drives - 6 Month Warranty