Tape Media

Tape Drives

Ethernet LTO Tape Drives

Tandberg Data RDX QuikStor

Tandberg Data RDX QuikStation

HP RDX Removable Disk

Quantum SuperLoader 3

Quantum Scalar i3 LTO

Qualstar LTO Tape Libraries

Qualstar Q8 Tape Autoloader

Qualstar Q24 Tape Autoloader

Qualstar Q48 Tape Autoloader

Qualstar Q40 Tape Library

Qualstar Q80 Tape Library

Qualstar Tape Libraries

Overland NEO Tape Libraries

Overland NEOs StorageLoader

Overland NEOs T24 Loader

Overland NEOs T48 Library

Overland NEOxl 40 Series

Overland NEOxl 80 Series

Tape Drive Autoloaders

HP StoreEver Tape Libraries

HP StoreEver MSL3040

Archiware P5 Software

XenData LTO Archive

Facilis Technology

SnapServer XSR NAS Series

Nexsan Storage

ATTO SAS / Thunderbolt

Cables & Terminators

Barcode Labels

Turtle Storage Cases

Quantum Scalar i3 Warranty

Removable Disk Storage

Imation RDX

Imation RDX Bundles

Tandberg RDXLock WORM

Quantum RDX

HP RDX+ Bundles


Dell RD1000

Reconditioned Tape Drives

Custom Sequence Barcode Labels for all your Tape Media - DLT, SDLT AIT and LTO FREE LTO BARCODE LABELS

LTO-9 Tape Drives LTO-9 Tape Libraries Now Available

SymplyPro LTO Archiving Solutions LTO-8 and LTO-9

Browse by Manufacturer
Mailing Lists

Securing Sensitive Information: Securing data with LTO-4 tape drive encryption

Each month many companies, big or small, well known or unknown, experience a data security loss with the potential exposure of thousands to millions of sensitive customer or employee records. Recent regulatory actions have made such losses much more onerous.  Corporations need to reduce the financial risks of a security breach as well as protect their brand reputation. As such, corporate management is looking to CIOs to minimize these risks with effective security for all sensitive corporate data, wherever it may reside.

Encryption has emerged as a best practice mechanism to security breach risk. As an important consideration for corporate officers cryptographic methods will be examined that can mitigate risks associated with data security breaches, specifically tape data encryption. LTO technology is the most widely adopted data storage tape format and as such, LTO-4 drive encryption will be discussed below.

The LTO-4 Tape Drive encryption is specified as part of the LTO-4 open standard format with a 256-bit symmetric key AES-GCM algorithm implemented in tape drive hardware and fully supports the IEEE standard (P1619.1) for tape based encryption and the new SCSI encryption augmented (T10) command set. The symmetric key is transmitted to the tape transport prior to being used for encrypting data written to or decrypting data read from the media.

The key is not transferred to the tape cartridge and is only retained by the drive during the encryption process. Instead a key identification tag is written and stored on the tape volume. This key identification tag on the tape media provides efficient search access to the necessary information used by the key management system to recall the required encryption key.

Transmission of the keys to the LTO-4 tapes is typically accomplished by using a backup application that supports application managed encryption (AME), by using a tape library that supports library managed encryption (LME), or by using a Key Management Appliance. Most organizations implement LME and tape libraries from IBM, HP, Quantum, Sun, and others support LME tape encryption.

With LME, the tape library has a list of cartridge volume serial numbers that are designated for encryption.

  • The backup application requests a mount of a cartridge that is in the library encryption list.

  • The library uses the library-to-drive interface to tell the drive to encrypt data on that cartridge.

  • The drive requests a symmetric key from the key management software via the libraries IP interface with the key management system and also requests a key tag for the drive to store on the cartridge for subsequent symmetric key identification.

In addition, LME encryption is transparent to the backup application. As such, usually no changes are needed to backup applications. LME can be ideal for environments that have a number of heterogeneous backup applications or servers.

LTO-4 tape libraries can sometimes be partitioned to further support the separation of encrypted from non-encrypted data. Specifically, one or more partitions can be configured to accept only encrypted data whereas the remaining partition(s) only accept non-encrypted data. Some libraries with advanced library management capabilities provide security policy based selection of encryption and specific keys; these can dynamically support a mix of encrypted and non-encrypted cartridges in variable slot locations without needing to use partitions.

Both compression and encryption significantly modify data and can both be performed by an LTO-4 tape drive for the same data on a given tape. In this case, the LTO-4 tape drive first compresses user data and then encrypts it. Thus, the LTO-4 drive can maximize the tape cartridge data capacity and address data security concerns. Also, encrypted data can be added or appended to an LTO-4 encrypted tape cartridge allowing the cartridge capacity to be fully utilized.

Shopping Cart
Your cart is empty.

Tandberg Data RDX Quikstor Removable Disk Cartridges

RDX 10 Pack Promotion - celebrating 10 Years of RDX Technology

SnapSever XSR120 and XSR40 Available

Quantum Scalar i3 LTO-9 Now Available and Shipping

Free Shipping UPS Ground - $500 min. order

Repair Services - 6 Month Warranty Fast Turnaround

Outlet Center - Refurbished Tape Drives - 6 Month Warranty