|
Need for encryption
Headlines about data theft, tape loss, and compromised customer records containing unencrypted data are appearing more frequently. These events underscore the need to focus on securing critical and sensitive company data, including copies of data created during backup operations.
The window of risk to your sensitive data expands as the value of your data increases. Some of these risks include:
- Unencrypted removable media taken offsite for "security" is less secure than almost any other corporate data.
- Theft of a tape and removable media is a major risk that is difficult to track due to the size of the media.
- Data may become available to third parties if a tape is lost or left unprotected.
- There is no way to tell if a tape has been copied or duplicated for unauthorized purposes.
- Tapes are often taken offsite by the lowest cost method instead of the most secure method.
- Operators can initiate an unauthorized restore of a tape redirected to their system.
Encryption is the most effective method for securing data on portable media. Analysts, government, law enforcement, and regulatory agencies continue to advise on the criticality of encryption, and yet many companies have not yet implemented encryption as part of their backup process. The main reasons given for this decision are that encryption can add layers of complexity to their processes and that it will increase the time required to successfully complete the backup or restore process.
Symantec Backup Exec 11d for Windows Servers
Safe, secure, and easy encryption with Backup Exec
Symantec? Backup Exec 11d for Windows Servers now includes encryption capabilities that provide an additional layer of protection for your sensitive data, while helping to ensure that the use of encryption does not hinder the backup or restore process critical to safeguarding company assets. The new encryption capabilities of Backup Exec 11d attempt to address the concerns traditionally associated with backup encryption such as:
- Cost versus protection
- Complexity
- Lack of flexibility
- Lengthened backup process
Cost versus protection
Backup Exec 11d uses industrial-strength, 128-/256-bit Advanced Encryption Standard (AES) encryption. This allows Backup Exec to provide one of the highest levels of encryption that meet or exceed strict U.S. government and corporate standards.
Backup Exec 11d encryption supports both files and databases. It provides security for your
backup data regardless of where it resides or what happens to it after it leaves your site.
Unlike competing solutions, Backup Exec 11d includes these encryption capabilities at no additional charge. In this way, Symantec helps ensure that all organizations that use Backup Exec have access to safe, secure, and easily encrypted backups - regardless of their budget - to safeguard their important data.
Complexity
In today's complex IT world, encryption must not only be industrial strength, but it also must be easy to manage so that it is used whenever possible. The Backup Exec 11d integrated encryption key management system helps ensure that encryption is easy to use and manageable - all from within the familiar Backup Exec console.
Symantec Backup Exec 11d for Windows Servers
Lack of flexibility
Backup Exec 11d encryption implementation offers the flexibility to encrypt only the data you want, when you want and where you want. Encryption can be enabled:
- On a per-backup-job basis
- On a per-policy basis for increased automation of policy-based protection
- On a global basis to help ensure all backups are encrypted per company standards
- On tape and/or disk backups
By using software as the controller of encryption rather than media hardware, administrators gain a heterogeneous security option that allows them to encrypt and decrypt data regardless of the hardware platform used for backup or recovery.
Lengthened backup process
Backup Exec 11d encryption is flexible, which allows it to occur only during a particular stage of a backup. For example, companies using disk staging or disk-to-disk-to-tape (D2D2T) can enable encryption only on the tape portion of the backup. Companies that are concerned about the performance impact of software-based encryption on production systems can now perform fast, unencrypted backups to secure disk locations using the included backup-to-disk (B2D) technology. They can then configure a duplication job to run immediately after the initial disk-based backup or at a later scheduled time regardless of the backup window. This portion of the backup can be done to another disk location or to removable media, such as tape, for offsite storage where encryption is most critical. This avoids lengthening the initial backup process and also avoids any encryption-related performance impact on production systems, as the duplication job involves only data movement on the Backup Exec server.
|
