Today, EMC announced a new software option that encrypts data on its Data Domain deduplication storage systems. Some may wonder why in the world data residing on such an appliance needs to be encrypted. After all, it’s hard to imagine a scenario where someone could somehow stash an entire rack-mount storage appliance under their coat, walk out of a badge-protected data center, pass a live receptionist and then fire it up at home to begin accessing data. While such a scenario is daunting and impractical, it seems that disk-based backup appliances are being subjected to the same security measures as magnetic tape. You know, the tape cartridge that is small enough to fit into your pocket or that has a tendency to get lost during transportation to offsite storage facilities.
Internal IT pressures via security audits and certain government mandates tend toward blanket statements that suggest backup data of a sensitive nature be protected with industry-standard encryption techniques. But how can you definitively tell where the sensitive data is and where it’s not? Making the wrong assumption can mean compromised data. The IT viewpoint might be that it’s easier to “just encrypt everything” and be done with it. While there can be trade-offs, encryption of all data at rest helps satisfy IT governance and compliance. It protects the user’s data against theft of the system and against loss or theft of the physical storage media (the disks), and it eliminates accidental exposure when failed drives are replaced and returned to the factory. By encrypting data as part of the inline deduplication process, Data Domain systems give customers the ability to deploy encryption to more easily pass security audits without disrupting the benefits of deduplication for their backup and archive data. Check out more about this news here.