Spectra T50e - Page 299

To Next Page

To Previous Page

Chapter 10—Encryption and Key Management BlueScale Key Management

August 2017 User Guide—Spectra T50e Library

296

Processes

Considerthefollowingwhenestablishingyourencryptionprocedures:

Startup Security

 Developproceduresfortrackingusernamesandpasswords.Makesure

onlytheauthorizedusersknowtheencryptionpasswords,andthatthe

passwordsthemselvesaresecure.RefertoPasswordsandOther

Identifiersonpage298formoreinformationonsettinguppasswords.

 Optionally,identifyaprimaryandsecondaryencryptionteam,sothat

youhaveredundancyinyourencryptionstrategy.Althoughthatmeans

theinformationrequiredtodecryptdataisspreadacrossmorepeople,

italsomeansthatrestorationofencrypteddatamaybemucheasier,

andyoumayultimatelyhavemoredataprotectiongiventheextralayer

ofcoverage;forexample,ifauserleaves,youarenotinapositionto

losedata.

 Determinethelevelofsecuritytouseatstartup.Botheditionsof

BlueScaleEncryptionpermitastandardmodeandasecure

initializationmode.Instandardmode,dataisencryptedandrestored

assoonasthelibraryisstartedwithnofurtheractionrequired.In

secureinitializationmode,thepartitionsconfiguredtouseencryption

arenotaccessibleforbackuporrestoreoperationsuntilauserwith

superuserprivilegeslogsintothelibraryandenteredtheencryption

password.(SpectraSKLMdoesnotusethesecureinitializationmode.)

Data to Encrypt

 Decidewhethertoencryptalldataorasubset.Ifallofthesite’sdatais

tobeencryptedonbackup,thenasinglepartitioncouldbesufficient.If,

however,youarebackingupsomedatawithoutencryption,createa

partitiondedicatedtoencrypteddata,andanotherfornon‐encrypted

data.

 Determinewhethertheencrypteddatacanbegroupedtogetherorifit

mustbeisolatedintosets.Ifsetsofencrypteddataneedtobeisolated

fromeachother,createseveralencryptedstoragepartitions,eachusing

adifferentencryptionkey.Forexample,yoursitemaystorefinancial

dataasonesetandconsumeridentityinformationasaseparateset.

BlueScale Encryption Key Protection

BlueScaleEncryptionusesAES‐256encryption,whichisasymmetric,

privatekeyencryptionmethod.BlueScaleEncryptionidentifieseachkey

bythemoniker(nickname)usedtogeneratethekey;thekeyitselfisnever

displayed.Inaddition,keysareencryptedbeforetheyareexportedandthe

filecontainingthekeyispassword

‐protected.

Main Page

Spectra T50e - Page 299

Table of Contents

Other manuals for Spectra T50e

Related product manuals