In today's world of CD-ROMs and high-capacity DVDs, it is easy to forget that there are other storage media which still have considerable popularity. One frequently overlooked example of this is the humble tape, which is still vital for many businesses.
Modern tapes have extremely high capacities, and developments in fiber channel mean that recording speeds are incredibly fast. However, there is an inherent security risk – after the tape has been recorded, when the data becomes portable, and therefore at risk. This is increased if you send the tapes off site to a firestore. How can you be certain that the courier isn't simply going to vanish with your confidential client records?
The vendor, Digital Interactive, has come up with an eminently sensible solution to this loophole – encrypting the data as it is recorded. Its Paranoia2 appliance encrypts the information at a data, rather than an application level, so that even if the tape is stolen, it is useless.
The device is a compact and uncluttered machine, roughly about the size and shape of a domestic video recorder (although it is also available as a rack-mounted model), with a simple LCD display on the front. It is actually two appliances in one: the encryption/ decryption engine and a systems monitoring unit, to ensure that environmental and other conditions are within acceptable limits.
Physically, the Paranoia2 is situated between the data repository and the target tape drive, connected via Ultra-SCSI. It automatically detects the SCSI ID of the tape device and passes this to the data repository. Following this, it is completely transparent.
Software installation is straightforward, with two options. It can be installed via a dumb terminal, in which case a simple set of CLI statements is all that is required. This is covered in the brief, yet understandable, documentation. It is more likely that you will use a Windows PC attached via the RS232 serial port. This presents you with a very usable series of GUIs.
This Parasoft application has been specially hardened. At each stage, it interrogates the Paranoia2 device and ensures that it is functioning correctly. The user does not need to do anything at a hardware level; the device automatically detects the hardware settings of the target tape drive and configures itself accordingly.
After installing the software, your first step is to enter a password to protect the device itself. This belt and braces approach ensures that the password is required to alter the encryption settings. Following this, the user encryption key may be set. Paranoia2 uses bipartite encryption. At the time of manufacture, a unique chip is installed into the device. This chip cannot be deciphered – either by the end user or by the manufacturer itself – so even if the device is stolen, it will not help the thief, even if they took the machine to pieces.
The second part is a firmware encryption key, entered by the network administrator. The length of the key determines the level of encryption available. For full triple-DES encryption, a 32-character key is required. Only when these two keys are in synch can the device actually be used.
This is one powerful little encryption device. It can use both DES and triple-DES encryption, and for the highest possible security, the information can be encrypted three times. The data stream from the repository is split in two, and each stream is encrypted separately. With 56K encryption, this means 72 quadrillion possible keys. And just to make it even harder, the two streams are then interlaced before being recorded.
Although one of these devices should be sufficient (retrieved tapes can be decrypted when they are returned) it is probably best to have two of them, with the second in the firestore. There is not much point using it to ensure the security of your backups in case of disaster if the Paranoia2 is destroyed. Because of the encryption methodology, you would never be able to get your data back.
If you have a need to store your corporate information on tape, the Paranoia2 is an ideal device to plug the security gap between your company and your firestore. It is a niche application that could mean the difference between disaster recovery and disaster.