Thales CryptoStor® Tape
September 2009 – Integrate encryption into your existing tape systems without making expensive changes to your backup processes or architecture.
Lost backup tapes are one of the most embarrassing and common forms of data breach. Thales CryptoStor Tape is an appliance that protects tape backups without requiring changes to systems, processes, or backup windows.
Because the data is protected by proven, certified encryption and automated key management, lost tapes do not damage your reputation or bottom line. And unlike some appliances, Thales CryptoStor Tape does not disrupt or slow your current backup processes.
Benefits
■ Prevents data breaches
■ Protects brand and reputation
■ Uses existing systems and processes
■ Delivers FIPS-validated security
Features
High-performance background encryption
Real-time encryption maintains your existing backup window and schedule.
Integrated key management
Automatic key generation, backup, and recovery ensure access to encrypted data.
Multi-interface support
Integrates with both Fibre Channel and LVD SCSI tape interfaces.
Role-based administration
Web-based administration enforces administrative privileges by role.
Proven, certified security
Validated to FIPS 140-2 Level 3.
Fast recovery
The system maintains a media catalog for quick recovery.
Protect backup tapes without impacting your environment
Tape media is the most common means of archiving enterprise data. While organizations have implemented tighter access controls, these do not protect the tape media itself, especially during transport and storage. All too often, removable media is lost or stolen. When that happens, unauthorized users can read tape data, analyze confidential information, and even rebuild entire systems without a trace. The resulting damage can be massive. Encryption provides the only fail-safe security mechanism for archived data, but many organizations fear it will require costly changes, lengthen backup times, or make data difficult or impossible to retrieve.
Encryption without disruption
An in-line, high-speed tape encryption appliance, Thales CryptoStor Tape delivers enterprise-class data protection and privacy. It encrypts tape data and provides automated key management with minimal impact to operations. Native tape drive performance remains unchanged.
Integrates with existing processes
Thales CryptoStor Tape works with your existing backup applications, receiving data from servers and passing encrypted data to tape libraries. It can operate alone or be clustered.
Protect existing tape investment
Thales CryptoStor Tape enables you to easily add encryption.
■ Supports tape drives and tape and virtual tape libraries – Enables encryption without changing your environment.
■ Offloads data compression and encryption – Compresses and encrypts data before writing to tape, offloading all encryption processing.
Safeguard brand and reputation
Thales CryptoStor Tape protects sensitive data to meet legal and compliance requirements.
■ Compliance – Provides encryption and key management to address PCI DSS and other compliance initiatives.
■ Strong authentication – Two-factor authentication protects the management interface.
Integrate quickly and scale easily without impacting existing processes
Thales CryptoStor Tape can be deployed flexibly into different environments.
■ Backup application transparency – Supports popular backup applications.
■ Multiple-appliance clusters – Scales from a single appliance to a cluster.
■ Key sharing – Keys can be shared automatically between appliances.
■ Flexible key policies – Keys created for each tape can be stored either in the appliance or on the tape media.
Retain access to data with centralized key management
To ensure that tapes can be restored, Thales CryptoStor Tape manages encryption keys.
■ Key backup and restoration – Back up encrypted keys and be prepared to restore if necessary, or add an additional appliance so keys are shared for high availability.
■ Security policy enforcement – Controls data encryption and key usage, enabling business partners to access data regardless of location, as desired.
SPECIFICATIONS
Security
■ Industry-proven cryptographic processing engine
■ Dynamic AES-128/AES-256 encryption
■ Smart Card authenticated access and auto key escrow
■ M of N key recovery (Shamir’s shared secret)
Integration
■ Sustained high-speed data transfer rates
■ Backup transparent: Symantec/Veritas, EMC/Legato, CommVault, HP, IBM, SyncSort, and CA (among others)
■ Authenticated media integrity option
■ Per-tape encryption key granularity
■ Integrated data compression
Management
■ Web GUI, CLI, jumpstart wizard, and LCD display
■ Authenticated user level, SSL/SSH remote access
■ Centralized key protection, catalog and provisioning
■ Appliance and software-only data recovery options
■ Filtered logging, cryptographically secure audit, and complete alerting
■ Role-based users: administrator, security officer, recovery officer
Physical
■ 2U, 30 lbs (13.6 kg), 19″ rack mountable (17″ x 30″ x 3.5″; 432mm x 762mm x 89mm)
■ Hot-swappable, redundant fans and universal power supplies
■ 100/240 VAC, 50/60 Hz, 460W
Certifications
■ FIPS 197: Advanced Encryption Algorithm
■ FIPS 180-2: Secure Hash Standard
■ FIPS 186-2: Random Number Generator
■ FIPS 186-2: Digital Signature Standard