Backup Encryption Mulled
Backup software increasingly features encryption. Is it overkill?
July 13, 2005
Despite recent product announcements about backup software getting encryption, the combination may not always be useful. At the very least, it raises questions.
Given an alarming number of disappearing backup files in recent months, it's no surprise that "Encrypt your backup!" is the main message backup suppliers are giving their customers. Even if one or two tapes are lost, the impact can be devastating. Just ask Time Warner or City National Bank (see A Tale of Lost Tapes and Choice Bits).
Hence, a flurry of announcements tying security and backup. BakBone Software Inc. today unveiled a plug-in encryption module for its NetVault backup and restore software (see BakBone Plugs In Encryption). And late in June, EMC Corp. (NYSE: EMC) released encryption as part of an upgrade to its Dantz Retrospect 7 product.
But hang on: What about all those new security appliances we're hearing about? There are plenty of boxes that promise to encrypt data efficiently when it's at rest. Suppliers include Decru Inc., Disuk Ltd., Ingrian Networks Inc., Kasten Chase Applied Research Ltd., NeoScale Systems Inc., and Vormetric Inc. At least one storage vendor, Network Appliance Inc. (Nasdaq: NTAP), seems to think this is the way to go (see NetApp Buys Decru). There is also at least one appliance, the RocketVault from Intradyn Inc., that's designed for backup and features encryption. And if backup data is already encrypted, can the appliances be dispensed with?
Vendors of backup software seem divided on the issue. A quick scan shows that while many have encryption, it's not always an immediate boast, or even a strong point:
Atempo Inc., for instance, offers what a spokesman calls "lightweight encryption based on an industry-standard Blowfish algorithm to prevent casual access to the data." If more is needed, there's an API to link encryption algorithms into Atempo's Time Navigator.
EMC Corp., while it offers Dantz Retrospect encryption, does not offer encryption today in its Legato Networker product, though it is "on the roadmap," a spokesman says.
Veritas Software Corp., now part of Symantec Corp. (Nasdaq: SYMC), does not offer encryption with Backup Exec. It does offer encryption with Net Backup.
Hewlett-Packard Co. (NYSE: HPQ) offers encryption with Data Protector, and a "bit-level configuration" is available for adding in third-party encryption products.
Suppliers are also divided on the use of appliances. BakBone says its software can be used with appliances in a layered security strategy. After all, there's a gap between the server and the appliance that might leave data open to insider tampering. Atempo and HP also promote the use of other encryptors with their backup gear.
But EMC and Veritas appear ambivalent. According to an email from a Veritas spokesman, the vendor advocates Net Backup's encryption instead of an appliance because extra hardware just means more management headaches.
On the other hand, companies like Decru say their way is best. Anyone using the Datafort appliance, says a Decru spokeswoman, normally shuts off the encryption that may be available with their backup software. This improves performance, she says, since backup software encryption can take more time than hardware-based solutions.
Who's right in this argument isn't clear, at least without a test lab handy. For now, though, it looks like closer scrutiny of security products will help would-be customers get a clearer handle on their options.
Mary Jander, Site Editor, Byte and Switch