Data Encryption

Encryption protects your data stored to tape

SPHiNX provides optional data encryption using strong AES-256 encryption and a robust key management infrastructure to satisfy regulatory compliance and strong company security policies. With SPHiNX, all data at rest is considered to be data at risk, so data stored on SPHiNX disk is encrypted and any data written to physical tape can remain encrypted. If you back up to disk and archive to tape, you can rest easy knowing that if the tapes are compromised in transport or the data gets into the wrong hands, you can avoid the enormous cost of a data breach notification.

Depending upon your business data archival policies, SPHiNX can completely remove physical tape from your environment while enabling immediate access to your data. With the support of optional data replication, SPHiNX is able to synchronize data copies between one or more sites by replicating data over the WAN between one or more SPHiNX systems. SPHiNX optimizes available network bandwidth by supporting bandwidth limit settings, multiple replication streams, and data reduction, either by transmitting only the delta changes over the network or by WAN Acceleration, which can drastically reduce latency and network overhead when transmitting data over the wide area network (WAN).

    SPHiNX Encryption Process

    The SPHiNX Key Management feature ensures that your data at rest is never at risk and remains encrypted to physical tape for as long as you need it. When backing up to disk and then archiving to tape, even if the tapes are compromised, your data is securely encrypted and cannot be decrypted without permission. Key Management not only protects your data but also saves you money and time in case of data breach incidents.

    System Assessment

    One of our SPHiNX engineers will assess your system’s settings and help you choose the encryption method that suits your needs. If you work in an IBM i Power Systems (IBM i, AIX) environment, you know that the standard backup methods used with local, attached tape storage can be frustrating at times. Your backup streams may run slow. Moreover, if you encrypt your data, the backup process will be slowed down. You might need help with configuring it in such a way that the backup runs at a desired speed without hiccups or stumbles. The backbone of your business, the Power Systems server, shouldn’t be causing you backup headaches due to the Total Cost of Ownership (TCO).

    Encryption Configuration

    Data Encryption is an optional licensed feature that enables the storage device to encrypt data that is stored on the virtual tape. Data encryption protects only data at rest, not the server. When an encrypted tape is mounted, the data that is written to the tape is encrypted. The server can be instructed to encrypt data that is already stored on a virtual tape if the tape is not encrypted. When the server exports an encrypted virtual tape to a physical tape using the tape-to-tape export feature, the data remains encrypted if the server is so configured and if all drives in the physical library support encryption. Otherwise, the server decrypts the data before it is exported.

    Tape Encryption & Decryption

    SPHiNX can encrypt virtual tapes individually or encrypt an entire tape pool by instructing the server to automatically encrypt virtual tapes when they are added to the pool. When encrypting a pool, all virtual tapes in the pool are encrypted the very moment they are created. If virtual tapes exist in the pool when the pool is configured for encryption, there is the option of excluding specific tapes from the encryption process.

    When Data Encryption is enabled on a server, the embedded key server can be configured to generate keys for encrypting virtual tapes. SPHiNX uses symmetric key encryption to secure data written to tape. This encryption is based on Advanced Encryption Standard-Cipher Block Chaining (AES-CBC) and uses 256-bit keys provided by a random number generator. When a key is generated, its key ID is stored with the encrypted virtual tape. The key is stored in a key database on the server that generated it, and each key is encrypted multiple times before being stored. When data on a virtual tape must be decrypted, SPHiNX uses the key ID to retrieve the key from the key database.
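
An added example in Go, not SPHiNX code, of the scheme described above: a random 256-bit key encrypts the tape with AES-CBC, only the key ID travels with the tape, and the key database holds the key in wrapped form. `KeyDB`, `NewWrapper`, `Encrypt` and `Decrypt` are hypothetical names, a single AES-256-GCM wrapping layer under a master key is assumed in place of the multiple layers the text mentions, and tape data is assumed to arrive in whole 16-byte blocks.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type KeyDB map[string][]byte // hypothetical key database: key ID -> wrapped tape key
func random(n int) []byte {
	b := make([]byte, n)
	rand.Read(b) // crypto/rand; never returns an error as of Go 1.24
	return b
}

func NewWrapper() cipher.AEAD { // AES-256-GCM under a fresh master key (one layer, assumed)
	blk, _ := aes.NewCipher(random(32)) // a 32-byte key cannot fail
	g, _ := cipher.NewGCM(blk)
	return g
}

// Encrypt stores a fresh wrapped 256-bit key and returns its key ID with IV||AES-CBC(data).
func Encrypt(w cipher.AEAD, db KeyDB, data []byte) (string, []byte, error) {
	if len(data) == 0 || len(data)%aes.BlockSize != 0 {
		return "", nil, fmt.Errorf("data must be whole 16-byte blocks; no padding is applied")
	}
	key, id, n, iv := random(32), fmt.Sprintf("%x", random(8)), random(12), random(16)
	db[id] = w.Seal(n, n, key, []byte(id)) // nonce||wrapped key, bound to its key ID
	blk, _ := aes.NewCipher(key)
	out := append(iv, make([]byte, len(data))...)
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out[16:], data)
	return id, out, nil
}

// Decrypt fetches the key by the ID stored with the tape; no database entry, no plaintext.
func Decrypt(w cipher.AEAD, db KeyDB, id string, tape []byte) ([]byte, error) {
	rec, ok := db[id]
	if !ok || len(tape) < 32 || len(tape)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("unknown key ID %q or malformed tape", id)
	}
	key, err := w.Open(nil, rec[:12], rec[12:], []byte(id))
	if err != nil {
		return nil, err
	}
	blk, _ := aes.NewCipher(key)
	out := make([]byte, len(tape)-16)
	cipher.NewCBCDecrypter(blk, tape[:16]).CryptBlocks(out, tape[16:])
	return out, nil
}
```

AES-CBC by itself does not authenticate the tape data, so in this example a missing entry or wrong master key is caught at the key database, while a modified ciphertext is not.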