• The potential need to remount every tape created during the entire year to change keys or address expired ones
• Administering responsibilities for controlling and updating keys in a multi-vendor tape encryption and distributed environments—as well as ensuring appropriate tracking and backup
• Ensuring encryption keys used to protect historical data haven’t expired if the time comes to read the data
• Keeping track of keys in the event of a change in hardware vendors.
Best practice: IT organizations should implement an automated key management system that consolidates and centralizes key management— including all change, tracking, backup, and recovery processes—across multiple vendors and z/OS tape encryption hardware. They also should consider implementing emerging software technologies that provide automated pregeneration of encryption keys. A good key management system also will protect against the early expiration of keys.
Myth 11: Simple encryption of tape data fulfills compliance with security and risk regulations.
Reality: Encrypting tape data doesn’t guarantee compliance. Data breaches also could involve historical data on older media. This could include data exposed during a move, or compromised by a rogue employee. A common misconception is to consider an environment “compliant and optimized” on the first day of a project involving the implementation or upgrade to new tape technologies or compliance methodologies such as encryption. While such a tape environment may be secure and compliant moving forward, it’s certainly not fully compliant. Corporate managers also need to look backward and include historical data into any total compliance tape strategy.
Best practice: IT organizations should classify and group like data, copying and encrypting historical tape data that contain sensitive information. Software utilities that enable the copying and stacking of data—which keeps “metadata” information intact—are particularly useful for this purpose.
A variety of scenarios should be considered in creating a total compliance tape strategy, including:
• Any recall of historical data such as for quarterly or annual processing
• Transfer of tape media from one site to another
• Underutilized tapes occupying expensive slots in a silo.
Tape will continue to play a key role in the data center. In fact, z/OS tape technologists can continue to reduce tape storage costs even in the face of expensive devices by more efficiently using tape media.
IT organizations also can take a variety of steps to prevent interruption of business operations. Fast access to data contained on tapes is critical. So is the standardization of tape management tools. Plus, ever-changing IT environments make it essential to implement tools that are flexible and can be scaled to an organization’s specific needs. Data loss is unacceptable.
Efficient utilization and management of new tape technologies and capacities can deliver peace of mind and greater business value. By better managing and automating key tape-related processes, IT organizations can mitigate risk, reduce TCO, fulfill compliance requirements, optimize security, and support “green computing” initiatives.