Encryption appliances have now been available for several years, so what is holding up adoption? There are at least three reasons. The first, and arguably the biggest reason, is the unavoidable fact that if you choose to encrypt, you must also manage your encryption keys. While encryption may deter others from viewing your data, without a bullet-proof key management capability you could be "locked out" of you data, as well. For many, this is a far greater fear than the potential misuse of data from a lost backup tape, and it is the reason why appliance companies like Decru Inc. (now part of Network Appliance Inc.) and Neoscale Systems Inc. are focused so heavily on simplification of key management.
Another factor is concern over vendor lock-in, or, to put it another way, the lack of standards. Once you encrypt using a specific vendor's technology, that technology is also required to decrypt, meaning that there is a substantial barrier to transitioning from one product to another should the need occur.
Finally, the cost of purchasing, implementing, and managing a broad range of encryption products is also inhibiting adoption. Added to the other concerns cited, the result is a continued wait-and-see attitude.
Protecting data is a serious concern that is here to stay. The good news is that there are signs of hope. Draft standards are evolving for encrypting data at rest - IEEE P1619 for disk and P1619.1 for tape are progressing but have yet to be finalized. The next generation of tape drives will be integrating encryption capabilities. And, of course, we are all anxiously awaiting the fruits of the EMC acquisition of security-leader RSA.
Jim Damoulakis is chief technology officer of GlassHouse Technologies Inc., a leading provider of independent storage services. He can be reached at jimd@glasshouse.com