Spectra T50e - Site Security Examples

To Next Page

To Previous Page

Chapter 10—Encryption and Key Management BlueScale Key Management

August 2017 User Guide—Spectra T50e Library

300

Site Security Examples

Thefollowingsectionsprovideexamplesofdifferentsecurityscenarios.

Low Security Site

Thefollowingtabledescribesthesecurityconsiderationsandthesuggested

encryptionconfigurationforasmallcompanywith75employ ees.

Security

Consideration

Strategy

Securitygoals Protectingcompanyfromlegalliabilityassociatedwithunauthorizedaccessto

datastoredontape,bothonsiteandoffsite,includingtransporttotheoffsite

location.

Encryption

principals

ITadministrator,companypresident,corporatelegalcounsel.

Datatoencrypt Financialandconsumeridentitydata.

Levelofsecurityto

implement

BlueScaleStandardEdition:singlekeyperlibraryissufficient.

Standardinitializationmode:encryptionpartitionsenabledatstart‐up.

Datasetsrequiring

isolation

None.Asinglepartitionforencrypteddataissufficient.

Keyescrow

method

Staffatcompanyescrowkeysatasiteremotefromthedatastoragelocation.

Copiesofeachkey

tostoreandtheir

locations

Keepthreecopiesofeachkey:onewiththeseniorITadministrator,onewith

thecompanypresident,oneinacorporatesafetydepositbox.

Keyrotationplan Createanewkeyeverysixmonths.

Trackingkey

monikersand

passwords

Onanon‐networkedcomputerthatsupportsencryption,createoneormore

chartsorlistswiththisdata,includingkeymonikers,datesused,encryption

andsuperuserpasswords,andpasswordsusedtoencryptexportedkeys.For

additionalsecurity,youmaywanttoavoidtrackingtherelationshipbetween

monikersandtheencryptedcartridges.

Thelibrarypromptsfortherequired

monikerwhenyourestoreencrypteddatafromacartridge.

Multiple

encryptionteams

(optional)

Configureaseparatesetofuserswhoareresponsibleformanagingencrypted

data.Theseusersmaybethesameasthoseidentifiedastheencryption

principals.

Decryptand

restoreencrypted

data

Regularlyreviewdataencryptionanddecryptionprocedurestomakesurethat

backupsandrestoresareworkingproperly.Runteststoensurethatencrypted

datacanbedecryptedandrestoredwhenneeded.

Passwords  Requirepasswordswithaminimumof12characters,includingatleastone

numberandoneletter,toaccesstheencryptionfeatures.

 Requirepasswordswithaminimumof30characters,includingatleastone

numberandoneletter,toexportandimportencryptionkeys.

Main Page

Spectra T50e - Site Security Examples

Table of Contents

Other manuals for Spectra T50e

Related product manuals