What happens if your building burns down and the appliances are toast? Assuming your tapes weren't stored in a cardboard box in the data center, you'll be fine as long as you have your keys, so keep copies of smart cards secure in an off-site vault. Both vendors offer last-resort tape restoration in the form of recovery software that, once installed, can authenticate your keys and recover your data from tape. Get your quorum together, call your secure tape storage facility, and get back to work. This is a pesky what-if scenario--right up until it becomes the most important thing for your business. Disaster-recovery preparation is like that, which is why so many businesses never give it the consideration it deserves.
As for price, as financier Ronald Perelman illustrated in his $2.7 billion lawsuit against investment bank Morgan Stanley, a storage mishap can end up costing significantly more than the most expensive encryption system. With that in mind, here's a basic cost breakdown of the devices tested.
The Assurency SecureData setup we installed in our lab was smaller than what Kasten Chase considers an average implementation, but it still cost $62,000. This got us two key management appliances, one CryptoAccelerator PCI Card to perform the data compression and encryption on one server, and the server encryption driver for the card--yes, there's a separate charge for the driver. The average installation as documented by the company runs $86,450, based on two appliances with five CryptoAccelerator cards and accompanying drivers--still significantly below what a major public relations fallout might cost, though out of reach for many smaller operations.
The NeoScale CryptoStor Tape appliance we evaluated costs $20,000 with two Fibre Channel interfaces, one input and one output; it also offers the product with four FC interfaces. We used only one box for our small test network; to determine how many you will need, count the number of data paths between your storage network and your tape libraries. Small environments could get by with only a single appliance, but for failover and appliance backup, we'd feel better with two.
Kasten Chase's Assurency SecureData seems geared toward large enterprise customers. The system comprises one or more SecureData Appliances for key management, working with CryptoAccelerator cards and server encryption drivers at each server holding data that requires secure backup. The product didn't care about our storage network because encryption was done on the servers themselves. We had to install PCI cards on the servers in our test bed; encryption takes place at the driver level for all data heading outbound over the Fibre Channel wire to the tape library. We used a separate host to run the management software used for configuring our key-management appliances. According to Kasten Chase, its SecureData Appliances run a "proprietary key authentication" system, which distributes keys to the approved hosts' PCI cards. The key appliance does not touch storage data, nor does it do any encryption; its only job is authentication. So, the Kasten Chase model includes a PCI card, which does the encryption and compression at the server, authenticating to a key-management appliance on the same network before sending the data out over Fibre Channel to the tape library.
Bob Friday, Chief AI Officer for Juniper Networks, explains how the advanced technology is transforming operations.
Contact center leaders from 8x8, Awaken Intelligence, and 360insight discuss the importance of agent experience.
AI may force enterprises to rewire parts of their data centers so they are fully optimized to run such workloads. The question is do you use Ethernet or InfiniBand?
