encrypted tapes

[Perry E. Metzger]

james hughes <hughejp at mac.com> writes:
> There are large institution with 1000s of tape drives and 1,000,000
> or more cartridges. Even simple solutions are huge to implement. This
> is a non-trivial matter. The technical solutions are possible, there
> are vendors out there that are already doing this. Getting from here
> it there, even if the solutions were available for free is still a
> very expensive challenge.

It isn't much of a challenge. In several cases, the cost of
implementing backup encryption was much cheaper for my customers than
the cost of the time it took me to explain to them that they needed it
-- i.e. ignorable.

There are plenty of reasonable ways to handle the key management
problem, and even using a well known (at least if you have the key to
the safe deposit box) conventional key for all your backups in a given
month or six months is a whole lot better than leaving the data in the
clear. (Sure that isn't ideal, but now you've raised the bar a whole
lot, and you can implement better methods if you have the will.)

Some people claim that the data rates you are dealing with are too
high to permit doing the encryption without hardware, but that's
usually because they imagine having all the compression and encryption
done on the machine managing the tape robot. Even in that case,
though, extra processors are often a whole lot cheaper than the labor
cost of the meeting needed to discuss the problem.

> Bottom line, this issue is here to stay and will take years to solve.

Since several of my customers have solved this problem already, and
since it didn't take them years, I have to dispute that claim pretty
strongly.

The most important thing it requires is the will to do it. Cost isn't
a real issue, technology isn't a real issue. Human beings are the issue.


Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com