Spectra T50e - Passwords and Other Identifiers

To Next Page

To Previous Page

Chapter 10—Encryption and Key Management BlueScale Key Management

August 2017 User Guide—Spectra T50e Library

298

 Createprocedurestohandleencrypteddatathatis,ormaybe,

compromised.Makesureyoucanidentifythedataassociatedwithany

compromisedkeyorkeys.Youmaywanttotakeallcompromiseddata

anddecryptitandthenre‐encryptitandstoreitinanalternatelocation

tominimizethepotentialforunauthorizedaccess.Youalsoneedto

investigatetheincidentinvolvingcompromiseddataandtake

appropriateactionsifidentity‐relateddatawasexposed.

Special Considerations When Using BlueScale Encryption

Professional Edition

 Drive‐basedencryptiononlyallowsoneencryptionkeypercartridge,

regardlessofthenumberofkeysstoredonthelibrary.

 Tosimplifydatarestorationincaseofdisasterrecoveryandtoachieve

businesscontinuitygoals,makesurethatcriticallyimportantdatais

storedonaseparate,well‐identifiedcartridgeandthatonlyonekeyis

usedforencryptingallthedataonthecartridge.

 YoumaywanttotakeadvantageoftheM‐of‐Nsharesoption.This

optionletsyousplitanexportedencryptionkeyintomultiplefiles,or

shares,eachstoredonaseparateUSBdeviceoremailedtoseparate

mailrecipients.Somespecifiedsubsetofthesharesisrequiredto

importtheencryptionkeyintothelibrary.Splittinganexportedkey

intomultiplesharesfurtherprotectsdatafromunauthorizedaccess.

Forexample,ifyouchoosethe2‐of‐3sharesoption,theexported

encryptionkeyissplitintothreeshares(M).Inordertoimportthe

encryptionkeyintothelibrary,twooftheshares(N),eachonaseparate

USBdevice,mustbepresent.

Passwords and Other Identifiers

BlueScaleEncryptionrequiresyoutosupplypasswordsandmonikers(key

names)whenconfiguringandusingtheencryptionfeature.Yoursitemay

wanttoconsiderimplementingspecificrulesthatgovernhowtheseare

created.

Superuser Login/Encryption Passwords BlueScaleEncryptionrequiresa

separatepasswordfromtheoneusedtologintothelibraryinorderto

accessthelibrary’sencryptionfeatures.Thispasswordmustbeentered

afterauserwithsuperuserprivilegeslogsintothelibrary.

IfyouareusingProfessionalEdition,youhavetheoptiontosetthree

separateencryptionpasswords.Ifyouselecttousethisoption,twoofthe

threeencryptionpasswordsmustbeenteredinordertoimportBlueScale

encryptionkeysintothelibraryorexportthemfromthelibrary.

Other manuals for Spectra T50e