
Securing Sensitive Information: Securing data with LTO-4 tape drive encryption

Each month many companies, big or small, well known or unknown, experience a data security loss with the potential exposure of thousands to millions of sensitive customer or employee records. Recent regulatory actions have made such losses much more onerous.  Corporations need to reduce the financial risks of a security breach as well as protect their brand reputation. As such, corporate management is looking to CIOs to minimize these risks with effective security for all sensitive corporate data, wherever it may reside.

Encryption has emerged as a best-practice mechanism to mitigate security breach risk. Because this is an important consideration for corporate officers, this article examines cryptographic methods that can mitigate the risks associated with data security breaches, specifically tape data encryption. LTO technology is the most widely adopted data storage tape format, so the discussion below focuses on LTO-4 drive encryption.

LTO-4 tape drive encryption is specified as part of the LTO-4 open standard format. It uses a 256-bit symmetric key with the AES-GCM algorithm, implemented in tape drive hardware, and fully supports the IEEE standard (P1619.1) for tape-based encryption and the new encryption-augmented SCSI (T10) command set. The symmetric key is transmitted to the tape transport before it is used to encrypt data written to, or decrypt data read from, the media.

The key is not transferred to the tape cartridge and is only retained by the drive during the encryption process. Instead a key identification tag is written and stored on the tape volume. This key identification tag on the tape media provides efficient search access to the necessary information used by the key management system to recall the required encryption key.

Transmission of the keys to the LTO-4 tape drives is typically accomplished by using a backup application that supports application managed encryption (AME), by using a tape library that supports library managed encryption (LME), or by using a Key Management Appliance. Most organizations implement LME, and tape libraries from IBM, HP, Quantum, Sun, and others support LME tape encryption.

With LME, the tape library has a list of cartridge volume serial numbers that are designated for encryption.

  • The backup application requests a mount of a cartridge that is in the library encryption list.

  • The library uses the library-to-drive interface to tell the drive to encrypt data on that cartridge.

  • The drive requests a symmetric key from the key management software via the library's IP interface with the key management system, and also requests a key tag for the drive to store on the cartridge for subsequent symmetric key identification.

In addition, LME encryption is transparent to the backup application. As such, usually no changes are needed to backup applications. LME can be ideal for environments that have a number of heterogeneous backup applications or servers.

LTO-4 tape libraries can sometimes be partitioned to further support the separation of encrypted from non-encrypted data. Specifically, one or more partitions can be configured to accept only encrypted data whereas the remaining partition(s) only accept non-encrypted data. Some libraries with advanced library management capabilities provide security policy based selection of encryption and specific keys; these can dynamically support a mix of encrypted and non-encrypted cartridges in variable slot locations without needing to use partitions.

Both compression and encryption significantly modify data and can both be performed by an LTO-4 tape drive for the same data on a given tape. In this case, the LTO-4 tape drive first compresses user data and then encrypts it. Thus, the LTO-4 drive can maximize the tape cartridge data capacity and address data security concerns. Also, encrypted data can be added or appended to an LTO-4 encrypted tape cartridge allowing the cartridge capacity to be fully utilized.
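
The LME flow and the compress-then-encrypt order described above can be modelled in a few lines. This is an added example, not vendor or drive code: the `KeyManager` and `Library` classes, the dictionary standing in for a cartridge, and the volume serials are hypothetical, and a SHAKE-256 keystream with an HMAC tag stands in for the drive's hardware AES-256-GCM so the sketch runs on the Python standard library alone.

```python
import hashlib, hmac, secrets, zlib

# Stand-in authenticated cipher (NOT AES-GCM): SHAKE-256 keystream + HMAC-SHA256 tag.
def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor(key, nonce, data):
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, data):
    ek, mk = _subkeys(key)
    nonce = secrets.token_bytes(12)
    ct = _xor(ek, nonce, data)
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or modified data")
    return _xor(ek, nonce, ct)

class KeyManager:
    """Hypothetical key management system: maps key tags to 256-bit keys."""
    def __init__(self):
        self._keys = {}
    def issue(self):
        tag, key = secrets.token_hex(8), secrets.token_bytes(32)
        self._keys[tag] = key
        return tag, key
    def recall(self, tag):
        return self._keys[tag]

class Library:
    """Hypothetical LME library holding the list of volsers designated for encryption."""
    def __init__(self, km, encrypt_volsers):
        self.km, self.encrypt_volsers = km, set(encrypt_volsers)
    def write(self, volser, data):
        if volser not in self.encrypt_volsers:       # not on the encryption list
            return {"volser": volser, "key_tag": None, "data": data}
        tag, key = self.km.issue()                   # drive obtains key and key tag
        payload = seal(key, zlib.compress(data))     # compress first, then encrypt
        return {"volser": volser, "key_tag": tag, "data": payload}  # only the tag is stored
    def read(self, cart):
        if cart["key_tag"] is None:
            return cart["data"]
        key = self.km.recall(cart["key_tag"])        # the tag on tape locates the key
        return zlib.decompress(unseal(key, cart["data"]))
```

Reversing the order, compressing after `seal`, gains nothing because the sealed bytes are indistinguishable from random data, which is why the drive compresses first.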
