Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


07:40 AM

Symantec Adds Crypto to Backup

Touts backup server encryption as the cure to users' tape traumas

Symantec today unveiled backup encryption software that it claims will keep IT managers and CIOs out of the storage snafu hall of shame. (See Symantec Expands Data Encryption.)

The vendor is touting its clumsily titled Veritas NetBackup Media Server Encryption Option (MSEO) as a way for firms to encrypt backup data before they shift it off to tape. In doing so, Symantec joins the growing list of vendors looking to tap into users' growing tape paranoia. (See On the Brink of Storage Disaster, Security Smorgasbord on Show and CA Faces Backup Flaw.)

Lost tapes are now almost as much of an IT security cliché as lost laptops thanks to a string of high-profile incidents involving the likes of Time Warner, Los Alamos National Lab and NASA. (See Tape Security Trips Up Users, Can't Quite Kick the Tape Habit, Los Alamos Fallout Continues, NASA Goes to the Dark Side, and Search Results Get Safer: AOL Edges Google.)

Although Symantec describes the software as running on a media server, the vendor is not referring to video and broadcast products from vendors like AVID and Ciprico. (See Storage Grabs Video Limelight, AVID Intros Open Storage, and Ciprico Unveils Enhancements.) Rather, Symantec means a traditional server which backs up data from client devices such as desktops, laptops, and other servers. This, in turn is connected to a tape library or tape drive where the data is stored.

The idea behind today's announcement is that users can encrypt data on the server rather than on the client device, which is the approach taken by IBM's Tivoli Storage Manager. Symantec told Byte and Switch that doing the encryption on the backup server is more efficient than on the client because the server typically has extra CPU cycles, which frees the client up for other operations.

At least one analyst agrees with this approach. "The benefit of moving [the encryption] onto the media server is that it's dedicated to backup, so it will have a lot more capacity than the server you are looking to protect," says Stephanie Balaouras, senior analyst at Forrester Research. IBM, for its part, was unavailable for comment.

Symantec also claims that it is the first backup software vendor to offer encryption on the media server, although Vormetric's CoreGuard offering also encrypts data on the server. And it's an OEM'd version of this product that forms the basis of Symantec's MSEO, although one analyst told Byte & Switch that this could make life easier for IT managers.

MSEO at least removes the hassle of running Vormetric on your server and ensuring that it links up with other backup products and client devices, according to John Oltsik, senior analyst at the Enterprise Strategy Group. "It makes sense to let Symantec do the integration for you," he said.

Users deploying the software, though, will still need to allocate CPU power to it, which makes it slower than using a dedicated encryption device from NetApp/Decru or NeoScale. (See NeoScale Claims Speedy Encryption, Decru Selects Mu, Decru, Sepaton Team, and NeoScale Faces Up to 4-Gig Encryption.)

"There is some processing power that's needed, but the price of the encryption drive is prohibitive for some customers," says Mike Adams, manager of Symantec's NetBackup group.

Pricing for Symantec's MSEO starts at $5,000 for every Windows or Linux client per server, and $10,000 for each Unix client. Key management costs an additional $10,000. Pricing for NeoScale's recently launched 4-Gbit/s CryptoStor FC 712 encryption device, in contrast, is around $45,000.

Encrypting at the tape drive level can also prove expensive. An encrypted Fibre Channel version of Sun's T10000 drive, for example, is priced at $42,000. (See Sun Encrypts Tape Drive and Sun Fills in Storage Crypto Details.)

The cost benefits touted by Symantec, though, depend on the number of client devices used, warns Balaouras. "If you're talking about a number of licenses, it could quickly add up," she says.

The analyst told Byte & Switch that, despite the cost, some of the key management features offered within MSEO could benefit users. (See What's the Key to Excellent Encryption?.) The software, for example, can centralize key management to a specific device and automatically track which key has been used for each tape.

"Traditionally that has been the advantage of going with the more expensive encryption devices like NeoScale or Decru that are very strong in key management," says Balaouras.

MSEO will be available next month.

— James Rogers, Senior Editor, Byte and Switch

  • Avid Technology Inc. (Nasdaq: AVID)
  • Ciprico Inc. (Nasdaq: CPCI)
  • Decru Inc.
  • Enterprise Strategy Group (ESG)
  • Forrester Research Inc.
  • IBM Corp. (NYSE: IBM)
  • NeoScale Systems Inc.
  • Symantec Corp. (Nasdaq: SYMC)
  • Time Warner Inc. (NYSE: TWX)
  • Vormetric Inc.


    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/6/2020
    Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
    Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
    Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
    Stephen Ward, VP, ThreatConnect,  7/1/2020
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-07-07
    An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
    PUBLISHED: 2020-07-07
    Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
    PUBLISHED: 2020-07-07
    A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
    PUBLISHED: 2020-07-07
    Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
    PUBLISHED: 2020-07-07
    A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user su...