Atempo Adds Multi-Layer Security to Backup and Recovery Software

by Alex Woodie

You undoubtedly heard about the rash of high-profile security exposures made public earlier this year, when sensitive information about millions of people were put in jeopardy when Bank of America, Time Warner, and Ameritrade lost their backup tapes. Such events universally strike fear into the hearts of systems administrators and their bosses, but salvation may be found in the form of Atempo, a backup and recovery software developer that unveiled a new product this week designed to simplify the process of protecting backups.

On Monday Atempo announced the general availability of Time Navigator Security and Compliance Manager, a new option for users of Atempo's Time Navigator backup and recovery software. In a nutshell, Time Navigator SCM bolsters the security of backups by providing a framework for implementing and using a variety of security mechanisms, including public key encryption (PKI), digital signatures, and various encryption and hash algorithms.

While there are many solutions on the market for encrypting backups, Time Navigator SCM excels over basic encryption by providing greater granularity in terms of applying and enforcing security policies on different classes of data, different types of media, and different groups of users, says Stephen Terlizzi, vice president of global marketing for the Palo Alto, California, company. "What we do is offer different levels of encryption based on data type," he says. "You create a rule, apply it to a backup, and all the complexity is handled underneath by TimeNavigator."

There are three basic threats to data as it's moved among primary, backup, and archived storage levels, regardless of the media, Terlizzi says. First, there is the threat of eavesdropping, where data is intercepted in-flight, most likely by people external to the organization. Encrypting the data is good protection from eavesdroppers, he says.

But encryption does not address the second threat, tampering, which could be undertaken by people inside the organization, who have access to the data after it has been moved and decrypted. The use of digital signatures in Time Navigator SCM provides a degree of protection against tampering, and also addresses new laws mandating data access trails, Terlizzi says. The third major threat, impersonation, is handled by using PKI authentication.

Time Navigator SCM brings these three levels of protection together into a single product. The software employs various encryption algorithms, including AES (128, 224, and 256 bit), 3DES, Blowfish, TwoFish, and CAST 5; hash algorithms, including Whirlpool, Tiger, and the SHA algorithms; and digital signature algorithms, including DSA and RSA. "We'll deliver a crypto library and PKI with the product to those that aren't terribly sophisticated with security," Terlizzi says, adding that the software also works with other crypto libraries and PKI through APIs, which is important for users outside the U.S., where different security standards are in place.

Atempo is positioning Time Navigator SCM against several other security mechanisms, including encryption appliances from NeoScale Systems and Decru, according to Terlizzi. The problem with the hardware approach is that identical devices at each end of the encryption process are needed, and there's a lack of fine-grained control over different types of data, Terlizzi says. "All they see is data," he says. "That is a complexity problem."

Write once, read many (WORM) storage technology, while it has gained a lot of attention recently as a way to make media such as tapes, magnetic disks, or optical disks unalterable, also has its flaws, Terlizzi says. "Just because you put something on WORM . . . you could intentionally go and alter the data later on, and make new copies with new tapes," he says. By using hash algorithms in Time Navigator SCM to digitally sign certificates, "you can prove beyond reasonable doubt this hasn't been comprised."

The new product received a promising review from Jon Oltsik, an analyst with Enterprise Strategy Group, the Massachusetts group formerly called Enterprise Storage Group. "Atempo is demonstrating both security intelligence and enterprise vision with its recently announced SCM software module," Oltsik writes. "Its combination of encryption and advanced security functionality provides for today's storage security hot spots and next-generation requirements."

Time Navigator SCM is available now. The software runs on Windows and Unix servers, and works with a variety of agents currently available with its Time Navigator software, including agents for Windows, Unix, Linux, and Mac-OS platforms, but not the agents for OS/400 or NetWare. Pricing for the Time Navigator SCM server and 10 agents starts at $7,500. For more information, go to www.atempo.com.