Network Computing is part of the Informa Tech Division of Informa PLC

Tape Encryption Devices: Host-based vs. Appliance: Page 3 of 13

Data tape cartridges are expensive, so to make sure we fill tapes to their maximum capacity, all tape drives on the market ship with compression capabilities. But what happens when you try to compress encrypted files? Nothing. When using robust encryption algorithms--the devices we tested use 3DES and AES256, both widely recognized by the security industry as sufficiently strong--encrypted data sent to the tape drive is functionally incompressible: sound ciphertext is statistically indistinguishable from random data, so there is no redundancy left for the drive's compressor to squeeze out. But there's good news: The vendors whose products we evaluated made sure their devices both compress and encrypt data, in that order, on its way to tape. Nice.
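To see why the order matters, here is an added example (not code from the article or from either vendor) that runs a constructed, highly redundant backup stream through both pipelines; gzip stands in for the drive's hardware compression and AES-256-GCM for the devices' AES256/3DES, which are assumptions for the demonstration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// gzipBytes compresses data with gzip at the default level (stand-in for drive compression).
func gzipBytes(data []byte) []byte {
	var buf bytes.Buffer
	w := gzip.NewWriter(&buf)
	w.Write(data)
	w.Close()
	return buf.Bytes()
}
// aesGCMSeal encrypts data with AES-256-GCM (32-byte key) and prefixes the random nonce.
func aesGCMSeal(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, data, nil), nil
}
// CompressThenEncrypt is the order the tested devices use: redundancy is removed first, then sealed.
func CompressThenEncrypt(key, data []byte) ([]byte, error) {
	return aesGCMSeal(key, gzipBytes(data))
}
// EncryptThenCompress is the wrong order: ciphertext looks random, so gzip can remove nothing and the output is no smaller than the ciphertext.
func EncryptThenCompress(key, data []byte) ([]byte, error) {
	ct, err := aesGCMSeal(key, data)
	if err != nil {
		return nil, err
	}
	return gzipBytes(ct), nil
}
// SampleBackup returns a constructed, highly redundant backup stream (2000 repeated log records).
func SampleBackup() []byte {
	return bytes.Repeat([]byte("2006-03-01 backup host=srv01 status=OK bytes=1048576\n"), 2000)
}
```

With the sample stream, CompressThenEncrypt yields a few hundred bytes plus the GCM nonce and tag, while EncryptThenCompress comes out larger than the plaintext; the demo key is any 32 bytes, whereas real keys come from the device's key manager.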

A big benefit of host-based encryption is that data is encrypted before it leaves the host, so it never crosses the wire to tape in the clear. An ultra-strict security policy would dictate that some data never be sent over the network unencrypted; in that case only a host-based PCI card strategy will do. All the standalone appliances--and the future built-in encrypting tape drives--receive data over the wire unencrypted. But this shouldn't be a strong selling point if the rest of your network transfers run in the clear--the distance between server and tape on a Fibre Channel line isn't likely to be your network's weakest link. Plus, this doesn't even take into account the increased difficulty of sniffing FC traffic; it can be done, but it's not as simple as conventional network sniffing. Unless you have SSL or other trusted encryption implemented across your internal network, having data encrypted on the storage path won't make or break you. That's not to say it doesn't raise your level of security, just that it can't be the only consideration.

As we mentioned, the encryption product you pick must play nice with your storage implementation. Both of the products we tested support both Fibre Channel and iSCSI, but we tested only with FC. The nature of each product and where it sits on the storage pipeline determine how the storage environment will affect operation. The host-based card installs at the server, so the OS can be a deciding factor, though storage network device selections matter less, because the card encrypts all storage data leaving the server on the FC network, regardless of where it's going. For this reason, a host-based PCI card-assisted product can accommodate all types of storage implementations with a single product. A standalone appliance doesn't care about which OS is sending the data down the pipe, so while separate appliances are required for different device implementations, your server configuration is moot.

[Figure: Storage Encryption Vendors At A Glance]

Let's start with your current backup application and operating system. Assurency SecureData supports IBM Tivoli, Legato Networker, Veritas NetBackup and Windows NT backup software; on the OS side it supports only Windows 2000/2003 and Solaris 8/10. Kasten Chase says future versions will add AIX 5.2/5.3 and Linux, but given the company's slew of government certifications, we were surprised these weren't already on the list. Why is this an issue? Because encryption PCI cards reside on your servers, so OS support is a limiting factor.