Storage Encryption Reevaluated

Recent developments in storage security have left customers wondering what's next in the evolution of tape and disk encryption.

The recent demise of NeoScale and the purchase of its assets by nCipher indicate that the days of the standalone tape or disk encryptor may be numbered. After all, another early supplier, Kasten Chase, went belly-up last year. And despite Decru's apparent success, some may ask whether at least some of that can be attributed to the deep pockets of parent company NetApp.

ESG analyst Jon Oltsik says it's too soon to shovel dirt over the grave of the stand-alone encryptor. "There's still plenty of demand for encryption in two areas -- tape and laptop," he says. Nonetheless, he notes that since Decru and NeoScale first came out, some alternatives to stand-alone devices have emerged.

Examples include IBM's TS1120 tape library with integral encryption, a product that typifies the trend among LTO-4 tape storage suppliers toward integrating encryption in their wares.

Oltsik envisions a solid market for tape encryptors for the next three to five years, after which disk will probably dominate.At the same time, key management that incorporates tape and disk devices is gaining momentum among vendors like HP, IBM, Decru, nCipher, and CipherMax.

ESG's Oltsik sees products like these taking root in the form of stand-alone multiport appliances that handle encryption and key management for a range of tape and disk devices.

While standards are in the works, vendors will vie for de facto encryption management status for the foreseeable future, Oltsik says. Part of this trend includes Cisco and EMC, which have teamed on a fabric encryption project that sources say may surface in products during the first quarter of 2008.

Meanwhile, the IEEE's P1619 group is moving ahead with specs. According to Matt Ball, chair of the P1619.3 study group working on multivendor key management, the IEEE recently approved the P1619-2007 and P1619.1-2007 standards, defining the encryption modes to be used in tape and disk drives. "The LTO-4 tape drives (created by IBM, HP, and Quantum), along with IBM's TS1120 and Sun's T10000, all use 1619.1-2007 encryption," he wrote in a recent email to Byte and Switch.

The IEEE is still drafting the P1619.3 key management specs, to which NeoScale contributed and which Ball says Decru played a major role in defining. Still, substantial changes are likely to be made to that spec before it's finished.In the meantime, it looks as though customers will be presented with a broadening set of capabilities in stand-alone storage encryptors, which will move toward multivendor key management as integral encryption becomes a key part of VTL, tape, and disk backup. Have a comment on this story? Please click "Discuss" below. If you'd like to contact Byte and Switch's editors directly, send us a message.