Chapter 10—Encryption and Key Management BlueScale Key Management
August 2017 User Guide—Spectra T50e Library
295
Best Practices
Toeffectivelyusekeymanagementandtoensuredatasecurity,createan
encryptionstrategyandbackitupwiththeappropriatestaffandcustom
strategiesbasedonyoursecurityrequirements.
People
Identifythekeypeoplewhoareresponsibleformanagingtheencryption
ofdatawrittentotape.
Superuser Oneormorepeoplewhohavesuperuserprivilegesonthe
library.Onlyasuperusercanaccessandconfiguretheencryptionfeatures.
See
UnderstandingUserGroupsandSecurityonpage96forinformation
aboutthethreetypesofusergroupsandwhattypesofprivilegeseachhas.
Encryption Password Holder Oneormoresuperuserswhohavethe
library’sencryptionpassword(s).
Whendeterminingthenumberofsuperusersandencryptionpassword
holders,balancetheneedsforsecurityandavailabilityfortheencrypted
data.Itmaybewisetohavemorethanasingleuserfamiliarwith
passwords,dependingonthesizeofyourorganization,sothatifone
personisnotavailable,another
cantakeover.
Keys (Data Set
Isolation)
Singleencryptionkeystoredon
thelibraryatatime.
Thesamekeyisusedforall
partitionsconfiguredtouse
encryption.
Upto30encryptionkeysstoredonthe
library.
Separateencryptionkeyscanbe
assignedtoeachstoragepartitionto
isolatedatasets.
Key Export and
Import
Asinglepasswordisusedwhen
exportingandimportingthe
encryptionkey.Theencryptionkey
isexportedinasinglefile.
ChoiceofusingoneorM‐of‐Nshares
withmultiplepasswordstoexportand
importkeys.WiththeM‐of‐Nshares
option,asinglefileofencryptedkeydata
issplitintomultipleparts,orshares(N),
andsomespecifiedsubset(M)isrequired
toimportthefilecontaining
thekeydata.
Compression Drive‐basedcompressiononly.
Compatibility
between Software
Editions
Dataencryptedusingeithersoftwareeditioncanbedecryptedbyalibrary
runningtheotheredition.
Feature Standard Edition Professional Edition