Encryption outside the box

When it comes to encryption, users have two basic choices: hardware appliances or software applications. Given software's performance issues, only small shops need apply.

Saying it had seen a surge in requests for security products, BakBone Software Inc. this week became the latest of many vendors to feature new data security functions for users, in this case a plug-in encryption module for its software.

BakBone offers a number of modular add-ons for its core backup product, which it estimates has about 9,000 users worldwide. The encryption module was updated for this week's release to be compatible with the most recent version, NetVault 7.3, released in Feb. 2005. The newest version also features a CAS-128 encryption algorithm as well as the ability to encrypt by default the encryption key itself for an added level of security.

It's a move the company says is based largely on new reports of security breaches and is unique to the U.S. According to Dani Kenison, director of corporate communications for BakBone, the company saw requests for its security module rise from negligible -- eight purchases of the module in calendar 2004, to noticeable -- 110 requests in 2005, all to U.S customers.

"The traction we're getting is due to these stories where supposedly secure data has been breached," Kenison said. "Those cases have been made public in the U.S. more than anywhere else. There's been more of a trend here in the U.S. that has been driving up a demand of the encryption solutions."

The main appeal of the product, which sells at $195 per backup client, is its low cost. "Another benefit," according to Michelle Zou of IDC, "is that you don't need to update your entire software package, which would be disruptive to your operation."

Software's drawbacks

However, analysts and industry players warn -- beware of the drawbacks to software-based encryption, especially in performance.

"It's good that BakBone is adding a new feature," said Curtis Preston, senior analyst for GlassHouse Technologies Inc. "But, typically, encryption as software on a backup client impacts performance, somewhere between 30% and 50%. We have enough things slowing down our backups without adding encryption to the puzzle."

He added, "Depending on where they're doing encryption, hopefully you can turn on client-based compression, because once data is encrypted, it cannot be compressed. But since compression causes a performance problem as well, most people are not going to turn on client-based compression, and now they've cut the capacity of the average tape drive in half."

According to Michele Borovac, director of marketing for encryption hardware vendor Decru Inc., software backup is also less secure. "Encryption keys are stored in plaintext on an open systems machine, often, Windows," she said. "This means your encryption keys are floating around in an insecure environment. You're just complicating your system without adding security."

"We're not saying there'll never be any downtime [with our product]," said Bharat Kumar, vice president of marketing for BakBone. "But customers who want data secured from point of source may be willing to have a slight performance loss in order to have a more cost-effective solution."

Indeed, it's the cost issue that may ultimately find BakBone a place in the market. With 10 clients, a smaller customer can turn on encryption with the BakBone product for just $2,000, as compared to hardware boxes that start at around $25,000.

"In some sense," according to Preston, "It's not a fair comparison. It's kind of like comparing a bicycle to a BMW."

For a larger customer that encrypts everything, "the only answer is hardware boxes," Preston said. "But if you're Joe's Crab Shack and you want to protect one computer with people's Social Security numbers on it, and you can do it for $200, that's a good thing."

Dig Deeper on Financial services data management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.