Archive Security in a Tiered Storage Environment

By | September 26, 2006

The use of tiered storage is becoming increasingly popular within many organisations, driven by the need to meet often-conflicting demands of information access, cost reduction, regulatory compliance and risk management. The proliferation of different disk, tape and optical technologies, in combination with new software solutions, enables significant cost savings by matching the appropriate storage architectures to specific business requirements. At the same time, however, a tiered storage strategy introduces new security challenges, particularly with respect to the long-term retention and accessibility of corporate information.

Archive data and storage technologies

The identification of archive-grade data is a reasonably straightforward place to begin for those looking to develop an Information Lifecycle Management (ILM) strategy. Simply put, archive data is data that is no longer being actively created, modified or accessed. It requires less frequent access and can therefore be off-loaded from expensive, high-performance hardware to less expensive and more secure alternatives.

The most common technologies used in professional archive environments are magnetic disk, magnetic tape and optical storage. When used in professional archive applications, all of these technologies can be combined with other components to create more redundant and automated solutions. While each has its own strengths, they also present specific security challenges.

Securing the integrity and availability of archived information over time involves a number of major considerations.

Controlling access

Controlling access, as with any security management, begins with physically preventing unauthorised personnel from approaching the archive system, and with using encryption to prevent individual archive records from being accessed by another person. File encryption techniques are independent of the storage media, can be used with disk, tape or optical, and are incorporated directly into next-generation tape and optical drives. Companies should never use file encryption as the only method of controlling access, since it does not guard against other security risks and cannot be considered 100% future-proof.

Data integrity

It is important that the chosen storage technology employs verification procedures so that all records written to the media are correct and complete.

When data is written to a disk or to professional optical storage such as UDO (Ultra Density Optical), it is fully verified so that the application or user can be certain the record has been accurately recorded. This is not necessarily the case for tape media or consumer optical products like DVD and Blu-ray. It is advisable to use the highest media quality that can be verified at the time it is written.


For many organisations, the need to demonstrate the authenticity of individual archive records is paramount, driven by the need to comply with industry regulations and risk management policies. This is clearly a multifaceted requirement, however, since no single product feature or capability can guarantee absolute record authenticity and immutability. A number of interlocking procedures need to be considered.

Disk, tape and optical all offer WORM (Write Once Read Many) versions of their products, which are specifically designed to prevent the alteration of the data once written to the media. However, not all WORM products offer the same level of protection and only optical storage offers physical WORM functionality that cannot be modified in any way.

The ability to track and identify individual pieces of storage media can further strengthen the case for record authenticity. A unique, software-readable serial number allows applications to track when and on which specific piece of media records have been archived. Furthermore, digital signatures can be a very effective way of tracking an archive record and operate at file level across all media.
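The following sketch is an added example, not part of the original article: it ties together the write-time verification described under "Data integrity" and the media serial number and file-level signature described above. The function names, manifest fields, serial numbers and key are assumptions made for illustration, and HMAC-SHA256 from the Python standard library stands in for a true digital signature.

```python
import hashlib, hmac, json, os, tempfile

# Constructed demo key; HMAC stands in for an asymmetric signature from a managed key.
DEMO_KEY = b"constructed-demo-key-not-for-production"

def sha256_file(path):
    """Hash a file in chunks so large archive records need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def _seal(entry, key):
    """MAC over the canonical JSON of every manifest field except the tag itself."""
    body = {k: v for k, v in entry.items() if k != "tag"}
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def archive_record(data, dest_path, media_serial, written_at, key=DEMO_KEY):
    """Write a record, verify it by reading it back, return a sealed manifest entry."""
    expected = hashlib.sha256(data).hexdigest()
    with open(dest_path, "wb") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())
    if sha256_file(dest_path) != expected:  # verify at the time of writing
        raise OSError("read-back verification failed for " + dest_path)
    entry = {"file": os.path.basename(dest_path), "sha256": expected,
             "media_serial": media_serial, "written_at": written_at}
    entry["tag"] = _seal(entry, key)
    return entry

def audit_record(entry, path, media_serial, key=DEMO_KEY):
    """Return a list of findings; an empty list means the record checks out."""
    findings = []
    if not hmac.compare_digest(entry.get("tag", ""), _seal(entry, key)):
        findings.append("manifest entry altered")
    if entry.get("media_serial") != media_serial:
        findings.append("record is on a different piece of media")
    if sha256_file(path) != entry.get("sha256"):
        findings.append("record content changed")
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample record and serial
        p = os.path.join(d, "invoice-0001.txt")
        e = archive_record(b"constructed sample record\n", p, "MEDIA-0001", "2006-01-01T00:00:00Z")
        print(audit_record(e, p, "MEDIA-0001"))
```

On a general-purpose host the read-back can be satisfied from the operating system's cache, so this check complements drive-level write verification and does not replace it.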
