Sun, IBM tackle tape encryption

By Kevin Komiega

Sun Microsystems and IBM each launched new technologies for data encryption on tape drives and key management this week as a direct response to the ongoing threat of data loss and identity theft plaguing big companies and consumers across the country.

Sun announced the Sun StorageTek Crypto-Ready T10000 tape drive and Crypto Key Management Station (KMS), which provide device-level tape encryption with key management on the company's T10000 tape drive.

Sun claims the Crypto-Ready T10000 drive virtually eliminates the risk of exposing data to unauthorized access and both off-site and on-premise data loss. The drive supports multiple operating systems, including Solaris OS, Windows, and z/OS.

Crypto KMS manages the keys used to encrypt and decrypt data on the T10000 tape drive. The KMS comprises a Sun Ultra 20 workstation running Solaris and key management software. It uses AES-256 encryption and is designed to comply with Federal Information Processing Standard (FIPS) 140-2.

The T10000 Crypto-Ready drive and Crypto KMS enable users to encrypt data as it is written to the drive, regardless of the application, operating platform, or primary storage device in use.

"We moved the key management functionality out of band, meaning end users and administrators are not passing keys in the data path," says Dave Kenyon, director of product management for Sun's data-protection and archive products. Kenyon says keeping the keys out of the data path means more security. "The more often you move the keys around, the more often they are written to different places."

Sun is also offering encryption-consulting services to help customers assess their security plans and identify, evaluate, and deploy encryption and key management strategies.

In addition, Sun rolled out a new virtual tape library—the VTL Plus. Like other VTLs, the appliance provides virtual tape resources on a disk-based platform that behaves like a tape library while delivering the performance benefits of disk-based storage. VTL Plus is built on the Sun Fire platform and Solaris. Furthermore, the VTL plays a key role in Sun's encryption portfolio by facilitating encryption at the virtualization layer.

Pricing for an 8TB VTL Plus configuration starts at about $140,000.

Big Blue weighs in

IBM also introduced encryption technology and services this week in the form of the System Storage TS1120 tape drive and Security and Privacy Services practice.

Along with data encryption and key management, the TS1120 drive is supported by existing IBM and Sun StorageTek automation products, offers a native data-transfer rate up to 104MBps, and scales up to 1.5TB of capacity.

According to IBM, encrypting data in the tape drive creates certain side benefits for users, including data compression and the ability to process non-encrypted workloads.

Big Blue's key management capability is based on technologies from the mainframe world. The centralized key management system provides a single point of control for the tape encryption keys, and IBM System z servers also use tamper-resistant hardware features for further protection of the keys. The drive is designed to ensure tapes can only be decrypted by authorized parties.

Encryption comes standard on all new TS1120 tape drives, and users already running legacy TS1120 drives can upgrade to include the encryption feature for a fee.

The TS1120 drive is priced from $35,500.

IBM and Sun aren't the only vendors incorporating encryption into tape drives. For example, all of the LTO tape drive manufacturers—including Hewlett-Packard, Quantum, and Tandberg, as well as IBM—are in the process of incorporating encryption into the next generation (LTO-4) of their drives. According to Bob Abraham, president of Freeman Reports, a research firm that tracks the tape industry, products are expected within the next few months. In addition, Quantum is expected to introduce native encryption on its DLT S4 tape drives. And some tape library vendors, such as Spectra Logic, provide encryption via software in their libraries.

This article was originally published on September 14, 2006