Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

LTO-4 Ultrium encryption eliminates growing risk to corporate data

By Simon Anderson, Product Manager for Tandberg Data
  • 27 March, 2009 09:23

<p>As tape cartridge capacities continue to grow, the risks of accessing larger volumes of data increase correspondingly.</p>
<p>Transporting offsite archives represents the biggest hazard to corporate information. Securing sensitive data from all unauthorised access has emerged as a critical business concern for storage managers, since this could result in lost customers, lost revenue, and even regulatory penalties for some.</p>
<p>As storage managers continue to seek improvements in tape technologies to keep pace with the growing need for reliability, storage capacity, speed and low cost, they have been burdened with the high cost and complexity of integrating hardware and software to encrypt their data.</p>
<p>A solution to minimising these costs has emerged with fourth generation LTO Ultrium technology that incorporates hardware data encryption. Enterprise-class encryption functionality is available in LTO-4 tape drives and tape automation products.</p>
<p>Fourth generation LTO open format and succeeding LTO generations incorporate industry standard 256-bit Advanced Encryption Standard (AES). Encryption keys are sent to the drive by an encryption key manager in accordance with the following standards.</p>
<p>• Galois/Counter Mode of Operation (GCM)
• Advanced Encryption Standard (AES), IEEE
• SPC-4 SCSI Primary Commands, IEEE SSC-3
• SCSI Stream Commands and IEEE
• P1619.1TM/D13, Draft Standard for Authenticated Encryption with Length Expansion for Storage Devices.</p>
<p>The AES, the block cipher ratified as a standard by National Institute of Standards and Technology of the United States (NIST), was chosen using a process more open and transparent than its predecessor, Data Encryption Standard (DES). The new (AES) standard was formulated in response to the need for greater than 56-bit keys. AES operates on a 4×4 array of bytes, termed the state. For encryption, each phase of AES (except the last round) consists of four stages:</p>
<p>1. AddRoundKey—each byte of the state is combined with the round key;
each round key is derived from the cipher key using a key schedule.</p>
<p>2. SubBytes—a non-linear substitution step where each byte is replaced
with another according to a lookup table.</p>
<p>3. ShiftRows—a transposition step where each row of the state is shifted
cyclically a certain number of steps.</p>
<p>4. MixColumns—a mixing operation which operates on the columns of the
state, combining the four bytes in each column using a linear
<p>Features and Benefits</p>
<p>Software encryption utilises server processor power, effectively reducing server performance.
Software encryption also reduces backup performance and media capacity, because software
encrypted data cannot be fully compressed by the tape drive. The benefits of LTO-4 hardware encryption are:</p>
<p>• Increased server performance and availability.
• Increased backup speed and media capacity.</p>
<p>When writing to tape, the LTO-4 drive encrypts data after it is received and compressed. Data is encrypted at full speed in hardware, not limiting tape drive performance. During the write process, the drive decrypts data after encrypting to provide on-the-fly checking to verify correct encryption.</p>
<p>LTO-4 encryption is managed by third party application developers commonly referred to as ISVs or Backup Software. Encryption keys are managed by the application (ISV) layer or separate Key Manager. Data is encrypted using a four layer process during WRITE operations, when the encryption key is passed from the server to the drive. Data is decrypted on READ (restore) operations.</p>
<p>While encryption capabilities are defined in the LTO Generation 4 as an open standard
specification, encryption is an ‘optional’ feature that LTO vendors can include or not include in their tape drive. Check with the vendor to verify this optional feature.</p>
<p>LTO-4 Encryption is new to the industry. While there are many backup software solutions available in the industry, not all of them support LTO-4 Encryption key management capability. More major backup solution vendors are integrating support for LTO-4 encryption, but it pays to check with your ISV solution provider for more detail.</p>

Most Popular