We are frequently asked,
“Can nuBridges Protect help me with backup tape
encryption?” The answer is “Yes!” And in a really
elegant way that strikes the perfect balance between
security and convenience.
When you make backup or
archive copies of systems, applications, databases or files,
you’re making copies of any sensitive data in those systems
applications and files. As a result:
- You need to be sure the sensitive data is
protected just as securely as the production
version.
- You have more keys to manage and secure; and
because the copies are “out of sight, out of mind”
it’s very easy to lose track of them. If you lose
the keys, you’ve really lost the data as well.
- You need to be able to readily unlock the data
in the event of a disaster, a recovery event, an
audit event or a forensics event.
Many organizations have implemented separate
technologies for encrypting production data versus
backup/archive copies. Often the keys are stored
with the backup/archive copies because
organizations can’t think of another practical way
to ensure the data can be unlocked if needed – this
is a major violation of data security best practices
(and in some cases, makes you non-compliant with
mandates and regulations).
With nuBridges Protect, one technology handles it all! It
eliminates some steps in the process, making you more
efficient and effective. And it stores the keys in a
centralized key vault, separate from the data.
So How Does it Work?
Simply use nuBridges Protect to encrypt,
hash or mask the production data – credit card numbers,
social security numbers, intellectual property, financial
data, health care information, etc. Then make your backup or
archive copies using the same backup and archive processes
you use across your enterprise – of course, the copies
inherit the protected data, not clear text, so the data is
automatically protected.
And here’s the most important part –
nuBridges Protect will hold the keys for the backup/archive
copies in its centralized key vault; ready for an authorized
request to unlock the backup or archive data down the road.
All keys for production and backed up and archived data are
managed in one centralized, secure infrastructure. Our
intelligent backup media key management eliminates the need
to manually track keys, and allows you to utilize expired
keys from tapes that have been stored for an extended period
of time. Because the nuBridges Protect Key Manager can
handle an infinite number of keys, it can handle all backup
media encryption without the need to pull tapes and
re-encrypt with new keys once a key has expired. The key
manager intelligently identifies the right keys so you can
decrypt restored data.
A Different Strategy
nuBridges Protect offers a new strategy for data
protection. Encrypt sensitive data right at its production
source and you’ve eliminated a tremendous amount of risk
(and eliminated all the additional technologies and
processes you’ve implemented to mitigate that risk).
Encryption is the only effective means of making certain
that others can’t read the information on tapes in the event
they are lost, stolen or compromised. Clearly, encryption is
emerging as the foundation for data protection and is
quickly becoming the cornerstone of data security best
practice. It’s the last line of defense. Even if perimeter
security is breached, encryption means the data remains
worthless unless it can be unlocked. Centralized,
full-lifecycle key management adds control, availability,
compliance and convenience.
Related FAQs
| Q. |
How does this save time in the backup and restore
processes? |
| A. |
Since nuBridges Protect encrypts the data at its
source, any backup copies of that data are automatically
stored in encrypted format. There’s no added step to the
backup process, which increases the time needed to
successfully complete the backup. No compression is
needed, which also increases backup time.
|
| Q. |
So you’re suggesting that we might want to
substitute “particulate” encryption in place of whole
disk-type solutions? |
| A. |
Yes, it’s an ideal approach for some systems,
applications and databases. Why waste resources to
encrypt the company’s annual picnic video? That just
doesn’t make good business sense. Encrypt specific
fields and/or files before writing to electronic backup
media, and let inheritance do the work for you.
|
| Q. |
Can you summarize what makes nuBridges Protect
special when it comes to backup and archive copies of
sensitive data? |
| A. |
nuBridges Protect elegantly enhances any existing
backup process without disruption. Because nuBridges
Protect encrypts sensitive and mission-critical
information at its source, any backup copies of that
data are, of course, stored in encrypted format
(separately from the keys). When backed-up data needs to
be accessed for recovery or audit purposes, information
is simply restored from the backup medium and then with
proper credentials the correct encryption key is used to
decrypt the data. The encryption keys are stored in a
‘key vault’ within the Key Manager and only accessed
when required. Keys are always stored separately from
the encrypted data on the backup medium – a very
important best practice. That means IT can use one
consistent backup process for all data – no exceptions
for sensitive data – as long as you are encrypting it
with nuBridges Protect. nuBridges Protect supports the
full lifecycle of encryption keys – from production
through backup and archive – simplifying and
strengthening your data protection infrastructure. |
| |
|
Contact nuBridges to
learn more – we’d be delighted to answer your questions
regarding Backup Tape Encryption,
show you the capabilities of nuBridges Protect, and propose
a module set tailored specifically to your business needs
and technology ecosystem. |
nuBridges Protect
