Quantum Corp has become the first mid-range tape vendor to lay out a wide-ranging security roadmap, which from the next quarter will see it ship features such as improved security of administration tools, code-matching of tapes to drives, and native data encryption.
It’s a pretty comprehensive set of tools. From an open systems point of view, it’s fair to say that Quantum is the first to announce something like this in what is a very new security market, said IDC analyst Robert Amatruda.
In the first quarter next year, Quantum will ship a free firmware update for its existing DLT-S4 tape drives and for its forthcoming DLT-V4 drives that will offer a cheaper and more cheerful alternative to encryption as a means of securing tape data.
Called DLT Sage Tape Security, this will embed a security code in tape data headers. If tapes fall into the wrong hands for example by being stolen or lost while in transit to an offsite archive they cannot be read without knowledge of that security code.
Unlike data encryption, the mechanism will not stand up to a forensic attack, because the data on the tape will still be stored as clear text. But it will be a lot easier to implement than data encryption, because it will involve much simpler key management.
It’s not so much the capital expenditure that puts people off encryption, as the operational overhead of the key management. An easier alternative is pretty helpful, said ESG analyst Brian Babineau.
Customers can choose to apply the same code to all tapes created using any drive within an entire library. Initially the codes will be set using Quantum’s tape library management tools, but they will eventually be able to be set using policy-based software, and via third-party backup tools.
Encryption is also however part of Quantum’s plans, as the company said that in the second half of next year it will ship DLT drives, and libraries and autoloaders featuring native, wire-speed data encryption. For the libraries and autoloaders, the encryption will be handled by front-end servers or blades.
Alongside its DLT mid-range drives, Quantum also ships drives made to the rival LTO format. The LTO consortium has yet to make any announcements about native encryption.
In the meantime, Quantum said it is negotiating a joint marketing arrangement with encryption specialist Decru, which is now owned by Network Appliance Inc. Whether that arrangement will see Quantum re-sell Decru’s gear has yet to be decided.
Security analysts say that administration consoles for storage hardware are often an overlooked vulnerability, because they are attached to corporate networks, and so can be hacked into from outside.
Quantum said that in the first quarter it will ship updates to its management tools that improve security via user authentication, SSL and SSH support, and role-based management rights. Audit logging software will come in the second quarter.
Quantum’s security play will also feature in the non-virtual world, because the company said it would add locks to its hardware in the first quarter.