
SecureVTS Tape Encryption for Virtual TapeServer

The number of publicized security breaches over the past 2 years has been alarming, as have the fines, penalties and legal burdens placed on companies that have suffered data breaches. Minimizing data-at-rest risks, maintaining regulatory compliance and keeping out of the news headlines have become priorities for executives and Boards of Directors.

SecureVTS Encryption

SecureVTS is a software module for the Virtual TapeServer (VTS) that encrypts and decrypts backup data being written from one or more host servers. SecureVTS provides VTS users with an encryption solution that:
  • Deploys on existing hardware
  • Uses industry standard 256-bit AES symmetric key encryption
  • Includes an integrated Key Server and Key Database that supports the full key management lifecycle.

Ease of Use

Every enterprise defines different policies regarding backup, archive and retention requirements. Many enterprises find it valuable to integrate VTS and SecureVTS into enterprise-wide backup strategies. VTS supports the migration of data to physical tapes under the control of a backup management application.

SecureVTS complements VTS data compression capability. Layering SecureVTS onto the VTS stack allows disk compression to occur before encryption. This is critical because data compression removes repeatable data patterns and encryption hides recognizable data patterns by writing data as ciphertext. To be effective, compression must be performed before encryption as encrypted data is not compressible.
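The ordering argument above, as an added example (not SecureVTS code): it measures the same constructed backup-like data processed in both orders. Because the Python standard library has no AES, a SHA-256 counter-mode keystream stands in for the cipher; the function names, key, nonce and sample data are all assumptions made for the demonstration.

```python
import hashlib
import zlib

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), used only because the
    Python standard library has no AES. Not SecureVTS's cipher, not for production."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(d ^ s for d, s in zip(data, stream))

def compress_then_encrypt(key, nonce, plaintext):
    # Order the page describes: remove redundancy first, then hide what is left.
    return keystream_xor(key, nonce, zlib.compress(plaintext, 6))

def decrypt_then_decompress(key, nonce, blob):
    # Restore path: undo the two steps in reverse order.
    return zlib.decompress(keystream_xor(key, nonce, blob))

def encrypt_then_compress(key, nonce, plaintext):
    # Wrong order: the ciphertext has no repeated patterns left for zlib to find.
    return zlib.compress(keystream_xor(key, nonce, plaintext), 6)

def compare_orderings(key, nonce, plaintext):
    # Output size in bytes for each ordering, next to the original size.
    return {
        "original": len(plaintext),
        "compress_then_encrypt": len(compress_then_encrypt(key, nonce, plaintext)),
        "encrypt_then_compress": len(encrypt_then_compress(key, nonce, plaintext)),
    }

# Constructed sample input: repetitive, backup-log-like records (about 92 KB).
SAMPLE = b"".join(b"2024-01-01 host%03d backup job OK size=1048576\n" % (i % 7)
                  for i in range(2000))
KEY = bytes(range(32))        # constructed 256-bit key, for the demo only
NONCE = b"constructed-nonce"  # constructed; must be unique per key in real use

if __name__ == "__main__":
    for name, size in compare_orderings(KEY, NONCE, SAMPLE).items():
        print(f"{name:>22}: {size} bytes")
```

Compressing first shrinks the sample to a small fraction of its size, while compressing the ciphertext leaves it essentially as large as the original.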

SecureVTS provides integrated access controls and user-level privileges. Role-based access rights for working groups or individual users can be assigned in accordance with the company's security guidelines. Role-based privileges prevent unauthorized persons from modifying data encryption settings. SecureVTS requires that an Administrator role be established to configure system encryption functions.

Integrated Key Management

SecureVTS includes an integrated Key Server and Key Database that supports a full key management lifecycle including generation, distribution, usage, storage, and recovery. The SecureVTS key management system consists of three components:

  1. Data encryption using symmetric key encryption
  2. Secure encryption key storage in a key database
  3. Encrypted links between the encryption keys and the data, using asymmetric key encryption; these links are authenticated before key access is granted

Ensuring that keys are random and are not reused is a high priority of a key management system. Keys are securely stored in the SecureVTS integrated key server database to ensure they remain uncompromised and centrally located. The connection between the Key Server and encryption module is also secured and encrypted.

Managing Encryption

The flexibility of SecureVTS allows companies to tailor the solution to meet their specific needs. Granularity at the virtual cartridge level means that enterprises can encrypt only critical data, when needed, thereby conserving valuable processing resources.

When the need to decrypt a tape arises, SecureVTS uses an ID stored in the metadata header of the tape to associate a key in the key database with the data to be decrypted.

Key Protection

Backing up the key server database is essential to ensuring that encryption keys and key SecureVTS can remotely back up the key database to any file system located offsite. For additional system redundancy, SecureVTS also supports clustering to allow the key database to be backed up locally to another node in the cluster as illustrated below.

Responding to regulatory compliance tenets and security audits is an ongoing challenge for enterprises. Noncompliance and suffering through a highly publicized breach can be painful for companies and their Boards of Directors. Securing data at rest through encryption is perhaps one of the simplest and most effective ways enterprises can position themselves against unauthorized use. Leveraging the benefits of VTS with SecureVTS allows proactive users to demonstrate compliance to auditors and respond to overarching regulatory directives.

