IT security is arguably more important than it has ever been. The existential value of business data, combined with regulatory obligations and cybersecurity threats, make securing digital information a strategic priority for any company. There a many different forms of encryption, including software and appliance based methods, but one of the key advantages of LTO tape technology is that you can securely encrypt backup and archive data without additional investment in software or separate devices.
How does LTO Encryption Work?
LTO drives use the 256-bit Advanced Encryption Standard with Galois/Counter Mod of Operation (or AES256-GCM for short). It is authenticated encryption that achieves very high speeds in hardware with low cost and low latency. AES256-GCM provides both data confidentiality and data integrity in a single, easy-to-use solution.Different vendors may have different ways of implementing LTO encryption, but generally speaking, the process works by sending a symmetric key to the tape drive at the beginning of the backup operation. This key is used to encrypt (and subsequently decrypt)the data as it is written to tape. The encryption key itself is never written to the cartridge, nor is it permanently retained in the backup drive itself, lest that become a target for theft.
Key management is not part of the LTO Ultrium drive specification. However, the format works with third-party key management software, which include LTO licensees, tape automation providers, and independent software vendors.
What are the benefits of LTO encryption?
Protecting customer data is a growing business issue, and the cost of recovery continues to get steeper. Data encryption helps the LTO Ultrium tape drive protect customer information and save them from expensive recovery processes later on.
Better performance and low network impact
Typically, native hardware encryption affects less than one-percent of tape drive performance(note that different vendors may implement LTO encryption in slightly different ways–check your product manual for specific details).
This maximizes tape capacity, increases data transfer speeds and puts less of a drain on host resources.
LTO-encrypting tape drives use GCM for encryption/authentication, which ensures high performance, whereas network appliance and software encryption creates latencies that slow backup performance and require additional device management.
No special cartridges needed
There are no special LTO cartridges, standard LTO cartridges should be used to write encrypted data. Encryption is an optional feature that LTO vendors can choose to include in their drives, based on their individual product lines.