Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

12/12/2006
07:40 AM
50%
50%

Symantec Adds Crypto to Backup

Touts backup server encryption as the cure to users' tape traumas

Symantec today unveiled backup encryption software that it claims will keep IT managers and CIOs out of the storage snafu hall of shame. (See Symantec Expands Data Encryption.)

The vendor is touting its clumsily titled Veritas NetBackup Media Server Encryption Option (MSEO) as a way for firms to encrypt backup data before they shift it off to tape. In doing so, Symantec joins the growing list of vendors looking to tap into users' growing tape paranoia. (See On the Brink of Storage Disaster, Security Smorgasbord on Show and CA Faces Backup Flaw.)

Lost tapes are now almost as much of an IT security cliché as lost laptops thanks to a string of high-profile incidents involving the likes of Time Warner, Los Alamos National Lab and NASA. (See Tape Security Trips Up Users, Can't Quite Kick the Tape Habit, Los Alamos Fallout Continues, NASA Goes to the Dark Side, and Search Results Get Safer: AOL Edges Google.)

Although Symantec describes the software as running on a media server, the vendor is not referring to video and broadcast products from vendors like AVID and Ciprico. (See Storage Grabs Video Limelight, AVID Intros Open Storage, and Ciprico Unveils Enhancements.) Rather, Symantec means a traditional server which backs up data from client devices such as desktops, laptops, and other servers. This, in turn is connected to a tape library or tape drive where the data is stored.

The idea behind today's announcement is that users can encrypt data on the server rather than on the client device, which is the approach taken by IBM's Tivoli Storage Manager. Symantec told Byte and Switch that doing the encryption on the backup server is more efficient than on the client because the server typically has extra CPU cycles, which frees the client up for other operations.

At least one analyst agrees with this approach. "The benefit of moving [the encryption] onto the media server is that it's dedicated to backup, so it will have a lot more capacity than the server you are looking to protect," says Stephanie Balaouras, senior analyst at Forrester Research. IBM, for its part, was unavailable for comment.

Symantec also claims that it is the first backup software vendor to offer encryption on the media server, although Vormetric's CoreGuard offering also encrypts data on the server. And it's an OEM'd version of this product that forms the basis of Symantec's MSEO, although one analyst told Byte & Switch that this could make life easier for IT managers.

MSEO at least removes the hassle of running Vormetric on your server and ensuring that it links up with other backup products and client devices, according to John Oltsik, senior analyst at the Enterprise Strategy Group. "It makes sense to let Symantec do the integration for you," he said.

Users deploying the software, though, will still need to allocate CPU power to it, which makes it slower than using a dedicated encryption device from NetApp/Decru or NeoScale. (See NeoScale Claims Speedy Encryption, Decru Selects Mu, Decru, Sepaton Team, and NeoScale Faces Up to 4-Gig Encryption.)

"There is some processing power that's needed, but the price of the encryption drive is prohibitive for some customers," says Mike Adams, manager of Symantec's NetBackup group.

Pricing for Symantec's MSEO starts at $5,000 for every Windows or Linux client per server, and $10,000 for each Unix client. Key management costs an additional $10,000. Pricing for NeoScale's recently launched 4-Gbit/s CryptoStor FC 712 encryption device, in contrast, is around $45,000.

Encrypting at the tape drive level can also prove expensive. An encrypted Fibre Channel version of Sun's T10000 drive, for example, is priced at $42,000. (See Sun Encrypts Tape Drive and Sun Fills in Storage Crypto Details.)

The cost benefits touted by Symantec, though, depend on the number of client devices used, warns Balaouras. "If you're talking about a number of licenses, it could quickly add up," she says.

The analyst told Byte & Switch that, despite the cost, some of the key management features offered within MSEO could benefit users. (See What's the Key to Excellent Encryption?.) The software, for example, can centralize key management to a specific device and automatically track which key has been used for each tape.

"Traditionally that has been the advantage of going with the more expensive encryption devices like NeoScale or Decru that are very strong in key management," says Balaouras.

MSEO will be available next month.

— James Rogers, Senior Editor, Byte and Switch

  • Avid Technology Inc. (Nasdaq: AVID)
  • Ciprico Inc. (Nasdaq: CPCI)
  • Decru Inc.
  • Enterprise Strategy Group (ESG)
  • Forrester Research Inc.
  • IBM Corp. (NYSE: IBM)
  • NeoScale Systems Inc.
  • Symantec Corp. (Nasdaq: SYMC)
  • Time Warner Inc. (NYSE: TWX)
  • Vormetric Inc.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 9/25/2020
    Hacking Yourself: Marie Moe and Pacemaker Security
    Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
    Startup Aims to Map and Track All the IT and Security Things
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    Special Report: Computing's New Normal
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    How IT Security Organizations are Attacking the Cybersecurity Problem
    How IT Security Organizations are Attacking the Cybersecurity Problem
    The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-25137
    PUBLISHED: 2020-09-25
    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /a...
    CVE-2020-25138
    PUBLISHED: 2020-09-25
    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test...
    CVE-2020-25139
    PUBLISHED: 2020-09-25
    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_ru...
    CVE-2020-25140
    PUBLISHED: 2020-09-25
    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php.
    CVE-2020-4531
    PUBLISHED: 2020-09-25
    IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the sy...