A colleague asks you if the added cost of using encrypting tape drives and sending the tapes offsite is warranted, since your IT organization already has large security investments such as
firewalls and database table encryption.
What is your response?
The correct firewall rule set would make encrypted tape drives obsolete, but there has not
always been strong confidence in the firewall administrators.
Encrypted database tables only protect data against inappropriate access by super users such
as database or server administrators abusing root privileges.
Encrypt tape drives as part of a defense in depth strategy to ensure that one security
mechanism being compromised does not expose all information to a malicious user.
The existing firewalls and database table encryption do not replace encrypted tape drives, but
implementing an intrusion protection system (IPS) will make tape encryption obsolete.