Practically you don't want to do that. You want them to be useless to someone who steals a tape since it could be a long time to never before you realize it's gone. All the tapes on the shelf look alike.
Since the tapes are physical, can't you protect them using different strategies? Like how banks protect stuff contained in safe deposit boxes? I imagine the stuff stored in safe deposit boxes can be quite sensitive too.
That's Iron Mountain's main business model, but it's considered good form not to leave it to them. Shit happens, and tape drives make it super easy to encrypt anyway.
That and banks don't seem to really try very hard nowadays, at least for retail customers. Maybe rich people have access to a better class of safe deposit boxes.
No, you encrypt at the tape drives themselves typically. Part of how they work is the also compress at the drive, but if you encrypt first there's no common entropy and the compression techniques work against you.
And picking and choosing is a recipe for disaster when something inevitably slips through and is leaked. Encrypt it all from orbit and let god sort it out.
If you’ve been physically penned aren’t you just rolling dice from then on anyway?
A financial org I worked for back in the day planned on slagging hardware in the event of a coloc breach of any sort including fire response. How else could you be sure?
