Tape encryption overview

All the supported tape drives in the IBM® Diamondback tape library can encrypt data as it is written to a tape cartridge.

Encryption is performed at full line speed in the tape drive after compression. (Data is compressed more efficiently before it is encrypted.) This capability adds a strong measure of security to stored data without any processing overhead or performance degradation.
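The effect of that ordering, shown as an added example (not IBM code and not the drive's implementation): the same data is compressed then encrypted, and encrypted then compressed, and the sizes are compared. The SHA-256 counter-mode keystream is a stand-in cipher chosen only because it needs no extra libraries, and the sample records and key are constructed.

```python
import hashlib
import zlib


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), for illustration only.

    Assumption: this is NOT the cipher a tape drive uses. It only serves to
    produce ciphertext that is statistically indistinguishable from random.
    XOR is symmetric, so the same call encrypts and decrypts.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def sample_records(n: int = 2000) -> bytes:
    """Constructed sample data: repetitive backup-style log records."""
    return b"".join(
        b"2024-01-01T00:00:%02d host=db01 status=OK bytes=4096\n" % (i % 60)
        for i in range(n)
    )


def compare_orderings(plaintext: bytes, key: bytes) -> dict:
    """Return the on-media size for both orderings plus a round-trip check."""
    # Order described on this page: compress first, then encrypt.
    compress_then_encrypt = keystream_xor(key, zlib.compress(plaintext, 6))
    # Reverse order: the compressor only sees random-looking ciphertext.
    encrypt_then_compress = zlib.compress(keystream_xor(key, plaintext), 6)
    # Reading back reverses the steps: decrypt, then decompress.
    recovered = zlib.decompress(keystream_xor(key, compress_then_encrypt))
    return {
        "original": len(plaintext),
        "compress_then_encrypt": len(compress_then_encrypt),
        "encrypt_then_compress": len(encrypt_then_compress),
        "round_trip_ok": recovered == plaintext,
    }


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed value, not a real key label
    for name, value in compare_orderings(sample_records(), key).items():
        print(f"{name:>24}: {value}")
```

Encrypting first leaves the compressor nothing to work with, so the output stays at roughly the original size; this is why host-side encryption ahead of the drive defeats the drive's compression.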

The following elements make up the tape drive encryption solution:

The encryption-enabled tape drive
  Encryption capability means that the tape drives are functionally capable of performing hardware encryption, but this capability is not yet activated. To perform hardware encryption, the tape drives must be encryption-enabled. Encryption can be enabled through the management GUI.
  Note: Transparent LTO Encryption is standard with the tape library.

Encryption policy
  The encryption policy is the method that is used to implement encryption. It includes the rules that govern which volumes are encrypted and the mechanism for key selection. How and where these rules are set up depends on the operating environment.
  Encryption policy is managed at the logical library level. The Logical Libraries GUI page is used to enable encryption for a logical library and modify the encryption method that is being used. The Security GUI page is used to manage key servers and key labels.

Note: In the tape storage environment, the encryption function on tape drives (desktop, stand-alone, and within libraries) is configured and managed by the customer. It is not configured and managed by the IBM System Services Representative (SSR).