CryptoStor Tape

News Posted by: dymar on 05/03/2018 10:42

Thales CryptoStor® Tape


September 2009Integrate encryption into your existing tape systems without making expensive changes to your backup processes or architecture.


Lost backup tapes are one of the most embarrassing and common forms of data breach. Thales CryptoStor Tape is an appliance that protects tape backups without requiring changes to systems, processes, or backup windows.


Because the data is protected by proven, certified encryption and automated key management, lost tapes do not damage your reputation or bottom line. And unlike some appliances, Thales CryptoStor Tape does not disrupt or slow your current backup processes.



Prevents data breaches

Protects brand and reputation

Uses existing systems and process

Delivers FIPS-validated security



High-performance background encryption

Real-time encryption maintains your existing backup window and schedule.

Integrated key management

Automatic key generation, backup, and recovery ensure access to encrypted data.

Multi-interface support

Integrates with both fiber channel and LVD SCSI tape interfaces.

Role-based administration

Web-based administration enforces administrative privileges by role.

Proven, certified security

Certified FIPS 140-2 Level 3 validation.

Fast recovery

System maintains media catalog for quick recovery.


Protect backup tapes without impacting your environment

Tape media is the most common means of archiving enterprise data. While organizations have implemented tighter access controls, these do not protect the tape media itself, especially during transport and storage. All too often, removable media is lost or stolen. When that happens, unauthorized users can read tape data, analyze confidential information, and even rebuild entire systems without a trace. The resulting damage can be massive. Encryption provides the only fail-safe security mechanism for archived data, but many organizations fear it will require costly changes, lengthen backup times, or make data difficult or impossible to retrieve.


Encryption without disruption

An in-line, high-speed tape encryption appliance, Thales CryptoStor Tape delivers enterprise-class data protection and privacy. It encrypts tape data and provides automated key management with minimal impact to operations. Native tape drive performance remains unchanged.


Integrates with existing processes

Thales CryptoStor Tape works with your existing backup applications, receiving data from servers and passing encrypted data to tape libraries. It can operate alone or be clustered.




Protect existing tape investment

Thales CryptoStor Tape enables you to easily add encryption.

Supports tape drives and tape and virtual tape libraries – Enables encryption without changing your environment.

Offloads data compression and encryption – Compresses and encrypts data before writing to tape, offloading all encryption processing.


Safeguard brand and reputation

Thales CryptoStor Tape protects sensitive data to meet legal and compliance requirements.

Compliance – Provides encryption and key management to address PCI DSS and other compliance initiatives.

Strong authentication – Two-factor authentication to protect management interface.


Integrate quickly and scale easily without impacting existing processes

Thales CryptoStor Tape can be deployed flexibly into different environments.

 Backup application transparency – Supports popular backup applications.

 Multiple-appliance clusters – Scales from a single appliance to a cluster.

Key sharing – Keys can be shared automatically between appliances.

Flexible key policies – Keys created for each tape can be stored either in the appliance or on the tape media.


Retain access to data with centralized key management

To ensure that tapes can be restored, Thales CryptoStor Tape manages encryption keys.

Key backup and restoration – Back up encrypted keys and be prepared to restore if necessary, or add an additional appliance so keys are shared for high availability.

Security policy enforcement – Controls data encryption and key usage enabling business partners to access data regardless of location, as desired.





Industry-proven cryptographic processing engine

Dynamic AES-128/AES-256 encryption

Smart Card authenticated access and auto key escrow

M of N key recovery (Shamir’s shared secret)



Sustained high-speed data transfer rates

Backup transparent: Symantec/Veritas, EMC/Legato, CommVault, HP, IBM, SyncSort, and CA (among others)

Authenticated media integrity option

Per-tape encryption key granularity

Integrated data compression



Web GUI, CLI, jumpstart wizard, and LCD display

■  Authenticated user level, SSL/SSH remote access

Centralized key protection, catalog and provisioning

Appliance and software-only data recovery options

Filtered logging, cryptographically secure audit, and complete alerting

Role-based users: administrator, security officer, recovery officer



2U, 30 lbs (13.6 kg), 19″ rack mountable (17″ x 30″ x 3.5″; 432mm x 762mm x 89mm)

Hot-swappable, redundant fans and universal power supplies

100/240 VAC, 50/60 Hz, 460W



FIPS 197: Advanced Encryption Algorithm

FIPS 180-2: Secure Hash Standard

FIPS 186-2: Random Number Generator

FIPS 186-2: Digital Signature Standard





  • Share this