If someone pulls a disk out of the array, (replacing a bad disk, etc), you can't tell a regulator/auditor that it was encrypted. A purely bureaucratic reason, but still valid. Regulations pop up all the time without actual technical consideration. (I want to punch anyone who says the words "7 years" to me!)
The OP's email address sounds like he's involved in the health care industry. They have the worst of it. Almost as bad as the financial industry.

Regards,
Shawn
________________________________________________
Shawn Drew

Internet
dplafla...@gmail.com
Sent by: ADSM-L@VM.MARIST.EDU
07/02/2012 05:35 PM
Please respond to ADSM-L@VM.MARIST.EDU
To ADSM-L
cc
Subject Re: [ADSM-L] VTL's and D2D solutions

On Jul 2, 2012, at 9:35 AM, Kevin Boatright wrote:

> We are currently looking at adding a Disk to Disk backup solution. Our current solution has a 3584 tape library with LTO-5 drives using TKLM.
>
> We have looked at Exagrid and Data Domain. Also, I believe HP has a solution.
>
> We will need to have encryption on the device and the ability to replicate between the two disk units.

Why do you have to have encryption on the device? No, that wasn't a sarcastic question. If someone pulls a disk out of your DataDomain RAID, what can they do with it? Your data is striped across many drives, in chunks that are admittedly large enough to have a whole mailing address on it. Is someone afraid that someone else will steal one or more drives and then read unstructured streams of data looking for PII? Really? There's no chance that a tape will fall off a truck as you ship your backups off site.

Sure, encrypt the VPN between sites, or use a dedicated network. But that doesn't mean you have to encrypt your data on the appliance, unless you're more paranoid than I am (or answer to people who are more paranoid than I am). At this point, I start worrying more about debacles from poor implementation or management of encryption than I do about loss of unencrypted data.

> Anyone have any comments or recommendations?

Besides DataDomain, HP, and IBM, I'm sure the rest of EMC, Oracle, and even small brands like Coraid would propose different solutions. For example, why not replicate cheap disk, on top of which you build FILE devices?
Do you need the cost of a DataDomain or ProtecTier front-end, or do you just replicate unduplicated data? Oracle and Coraid will sell you large arrays of cheap disk with ZFS front-ends that could replicate data if you need it and could deduplicate the data as justified. I'm not saying I'd want to bet my job on Coraid, but others find their cost advantage over DataDomain attractive.

> Thanks,
> Kevin

Nick