By Kevin Komiega
Sun Microsystems and IBM each launched new technologies for data encryption on tape drives and key management last month as a direct response to the ongoing threat of data loss and identity theft plaguing big companies and consumers across the country.
Sun claims the Crypto-Ready T10000 drive virtually eliminates the risk of exposing data to unauthorized access and both off-site and on-premise data loss. The drive supports multiple operating systems, including Solaris, Windows, and z/OS.
Crypto KMS manages keys used to encrypt and decrypt data on the T10000 tape drive. The KMS comprises a Sun Ultra 20 workstation running Solaris and key management software. It uses AES-256 encryption and is designed for compliance with the Federal Information Processing Standard (FIPS) 140-2 certification.
The T10000 Crypto-Ready drive and Crypto KMS enable users to encrypt data as it is written to the drive, regardless of the application, operating platform, or primary storage device in use.
“We moved the key management functionality out of band, meaning end users and administrators are not passing keys in the data path,” says Dave Kenyon, director of product management for Sun’s data-protection and archive products. Kenyon says keeping the keys out of the data path means more security. “The more often you move the keys around, the more often they are written to different places.”
Sun is also offering encryption-consulting services to help customers assess their security plans and identify, evaluate, and deploy encryption and key management strategies.
Sun also rolled out its VTL Plus. Like other VTLs, the appliance provides virtual tape resources on a disk-based platform that appears as a tape library while delivering the performance benefits of disk-based storage. VTL Plus is built on the Sun Fire platform and Solaris and facilitates encryption at the virtualization layer. An 8TB VTL Plus configuration is priced from about $140,000.
Big Blue weighs in
IBM debuted encryption technology and services with its System Storage TS1120 tape drive and Security and Privacy Services practice. Along with data encryption and key management, the TS1120 is supported on existing IBM and Sun StorageTek automation products, offers a native data-transfer rate up to 104MBps, and scales up to 1.5TB of capacity (assuming a 3:1 compression ratio).
IBM claims encrypting data in the tape drive creates certain side benefits for users, such as data compression and the ability to process non-encrypted workloads.
Big Blue’s key management capability is based on technologies from the mainframe world. The centralized key management system provides a single point of control for the tape encryption keys, and IBM System z servers also use tamper-resistant hardware features for further protection of the keys. The drive is designed to ensure tapes can only be decrypted by authorized parties.
Encryption comes standard on all new TS1120 tape drives, and users already running legacy TS1120 drives can upgrade to include the encryption feature for a fee. The TS1120 drive is priced from $35,500.
IBM and Sun aren’t the only vendors incorporating encryption into tape drives. For example, all of the LTO tape drive manufacturers (including Hewlett-Packard, Quantum, and Tandberg, as well as IBM) are in the process of incorporating encryption into the next generation (LTO-4) of their drives. According to Bob Abraham, president of Freeman Reports, a research firm that tracks the tape industry, products are expected within the next few months. In addition, Quantum is expected to introduce native encryption on its DLT S4 tape drives. And some tape library vendors, such as Spectra Logic, provide encryption via software in their libraries.