Atempo Advances Encryption

With a Security and Compliance Manager (SCM) module for its Time Navigator backup package, Atempo is trying to convince users that software applications can give hardware appliances a run for their money when it comes to security.

Up to now, Time Navigator was among the software applications whose encryption and security capabilities didnt measure up to appliances from the likes of Decru, NeoScale, Kasten Chase, and Vormetric.

The reason? Time Navigator had lightweight encryption based on an industry-standard Blowfish algorithm. Now in SCM, it's beefing that up with industrial-strength AES 256 and Triple DES encryption. SCM also includes hash algorithms, digital signatures, key management, and compliance policy enforcement.

One analyst says the package goes beyond what other backup software vendors offer, but probably won't stay unique for long. “A lot of people say, ‘I have encryption,’ but security is a heck of a lot more than encryption,” says Arun Taneja of Taneja Group. “It also has to do with authentication and preventing tampering. I don’t think it’s going to be unique for any extended period of time, though. All backup vendors are looking at doing those things.”

Still, encryption is a work in progress for even the largest backup software vendors. (See Backup Encryption Mulled.) Symantec offers encryption in its enterprise Net Backup product, for instance, but not in its Windows-based Backup Exec. EMC offers encryption for its SMB Dantz Retrospect, but not yet in its enterprise Legato Networker application.Software encryption can’t match appliances for speed, because doing the encryption in software uses CPU cycles that slow the system down. But it can be a cheaper alternative: SCM starts at $7,000 for 10 client licenses, while encryption appliances cost more than twice as much. Atempo is trying to make its software simpler to use as well.

“A lot of customers aren’t using encryption because it is too complex,” claims Atempo marketing VP Steve Terlizzi.

SCM lets users create security policies through templates. For example, a user can set a transactional database for the strictest security -- say, Triple DES or AES 256 -- and limit access to a database administrator. At the same time, the customer can set lower levels of security – Blowfish and wider user access -- for less critical applications. SCM also handles management for keys necessary to decrypt data.

At least one customer welcomed Atempo's move and isn't particularly concerned, yet, that it doesn't match hardware performance. Canadian service provider Data Base File Tech (DBFT) uses Time Navigator to back up and restore customer data, and operations manager Maurice Auger says potential customers often demand stricter security than he has been able to offer.

“Certain customers ask for more security than we provide,” Auger says. “This will allow us to create templates for specific organization such as financial institutions. We can let our customers set their security level.”

Will software encryption be enough to satisfy users demanding the highest security? Auger says none of his 70 or so backup customers have asked for hardware encryption.“We haven’t had the need to use hardware encryption,” he says. “If customers ask for hardware encryption, we would do that. But we have no call for it yet.”

— Dave Raffo, Senior Editor, Byte and Switch

Organizations mentioned in this article: