The following guidelines outline the essential tasks required to protect encryption
keys:
• Save one or more copies of every key using the Key Export option on the
Encryption Configuration screen (see Export the Encryption Key on page126).
CAUTION
As a matter of best practice, Spectra Logic recommends exporting encryption
keys to a USB device or RMI download instead of using email.
Although emailing encryption keys is supported by the library, doing so
presents security issues, including the following:
l Copies of encryption keys may be left on the email servers used for
sending and receiving email and are thus subject to compromise.
l The difficulty in verifying where all the copies of emailed encryption keys
may be located can make security audits more challenging.
• If you choose to store only a single copy of an encryption key, make sure that you
keep the copy secure. If something happens to the device where you stored the
exported key and the key was deleted from the library, both the key and all data
encrypted using the key are unrecoverable.
CAUTION
To emphasize: If you lose the encryption key or the password for the exported
file, your data is unrecoverable if the key was deleted from the library. You
need to balance the number of copies of the key to store to guarantee access to
the encrypted data against the security risk associated with storing multiple
keys. Make sure that the key was successfully exported prior to removing a key
from the library.
• Store encryption keys offsite in a location other than the site used for media
storage. Confirm that the key is stored correctly on the USB device or was received
by the intended recipient before deleting the key from your library. If you delete
the key, you must import the key back into the library in order to decrypt the data
that was encrypted using the key. Importing keys is described in Import the
Required Key Into the Library on page133.
• You may want to make two copies of a key, storing each in a secure location. Keep
a record of each key’s location so that you can easily find the key when you need
to restore or delete data.
• Maintain a list of every password associated with each key and securely store the
list. Never keep this list as cleartext (unencrypted text) on a networked computer,
or send it through email as cleartext. For added security, encrypt the file
containing the list of passwords.
JANUARY 2023 130
SPECTRA STACK LIBRARY
USER GUIDE
CHAPTER 3 - CONFIGURING AND USING ENCRYPTION
To Next Page
Loading...
