Shifting storage network defenses toward an access control model capable of securing stand-alone tape drives, tape cartridges, tape automation and disk-based backup systems, Quantum Corp. this week unveiled a new security framework and protection capabilities set to be embedded across its products over the course of next year.
Quantums new security framework features three types of access control: administrative access, data access and physical access.
The framework will be buoyed in the coming year by the release of DLTSage Tape Security, a new firmware feature that is designed into the tape drive to block access to a cartridge without the need for encryption.
There will also be a new joint marketing and sales agreement with encryption provider Decru Inc., Quantum officials said.
Quantum will support interoperability with Decrus DataFort appliance by the first quarter of 2006. Decru, a provider of network encryption, was acquired by Network Appliance Inc. in June for $272 million in cash and stock.
For the administrative access portion of its framework, Quantum, based in San Jose, Calif., is introducing a number of features that IT managers should be familiar with in other parts of their IT infrastructure but that have not traditionally been applied to backup infrastructure.
Due for release next quarter, these include user-authentication and authorization through support for LDAP and Microsoft Active Directory, as well as role-based access privileges on Quantums tape libraries.
Administrative access will also feature audit log-in capabilities—available in Q2 2006—to track successful and unsuccessful attempts to gain access to libraries and tape systems, and support for SSL/SSH (Secure Sockets Layer/Secure Shell) protection.
To push physical access protection, Quantum will in future offer locks on its tape drives, tape libraries and disk-based backup arrays as a standard component, officials said. That will be joined by the promotion of security best practices for physical storage assets to help organizations better delegate security responsibilities.
Data Access will consist of DLTSage Tape Security, native encryption on tape drives, encryption appliances on a server and Quantums existing DLTSage WORM product.
DLTSage Tape Security uses electronic keys written into the header of a tape in an encoded format to prevent the reading and writing of data onto tape. Once the product is activated, an administrator assigns a key to all drives in a library. As the cartridges are written, a key is embedded on the tape to secure access its data.
Once the data is set to be read, the DLTSage Tape Security tool in the drive compares the key on the tape to the one supplied by the library and will unlock the information only if the keys are a perfect match.
DLTSage Tape Security for Microsoft Windows Key management will be available next quarter, while a version for Unix and Linux key management is expected to be ready by the second quarter of 2006, Quantum officials said.
The product can be managed in three ways. The first is at the most basic level, in a stand-alone tape drive environment using DLTSage individually for each tape drive. Or customers can use it through a host backup application such as Computer Associates International Inc.s BrightStor, Symantec Corp.s BackupExec, or EMC Corp.s Legato. Lastly, the product can be managed through a Quantum autoloader or library via a management GUI.
DLTSage Tape Security will be offered free to customers as a standard feature in Quantums newest drives, that is, the DLT-S4 drive to be announced in Q1 2006, and the DLT-V4 drive, which is currently available. Existing customers of the drive will be able to get DLTSage Tape Security next quarter as a firmware download.
For customers that are comfortable deploying encryption to lock down data residing on tapes, Quantum announced that it will offer native encryption across its tape drives in 2006. The company will embed the encryption into the tape drive in much the same way that a compression chip is embedded.
At some point in the future, the company will offer native data encryption within its tape libraries. However, details of how that will be accomplished have yet to be determined, Quantum officials said.