Spectra T50e - Page 304

To Next Page

To Previous Page

Chapter 10—Encryption and Key Management BlueScale Key Management

August 2017 User Guide—Spectra T50e Library

301

Medium Security Site

Thefollowingtabledescribesthesecurityconsiderationsandthesuggested

encryptionconfigurationforamedium‐sizedorganizationwith

250employees.

Security

Considerations

Strategy

Securitygoals Protectingcompanyfromlegalliabilityassociatedwithunauthorizedaccessto

datastoredontapeonsiteandoffsite,includingtransporttotheoffsitelocation.

Encryption

principals

ITseniorstaff,chiefoperatingofficer.

Datatoencrypt Intellectualproperty,financial,customer,andinventorydata.

Levelofsecurityto

implement

 BlueScaleProfessionalEdition,withmultiplekeys

 Standardinitializationmode:encryptionpartitionsenabledatstart‐up

 Multi‐usermode,withthreeencryptionpasswords

Datasetsrequiring

isolationfromother

encrypteddata

Separatepartitionsandkeysforthesedatasets:financialdata,inventorydata,

customerdata,andintellectualpropertydata.Withthisrequirement,thesite

mustuseaminimumoffourencryption‐enabledpartitions,alongwith

partition(s)fornon‐encrypteddata.

Keyescrow

method

Storekeycopieswithcorporatelegalcounselandapaid,trusted,third‐party

escrowservice.

Numberofcopies

ofeachkeytostore,

andlocations

Keepthreecopiesofeachkey:storeonewithcorporatelegalcounsel,twowith

thekeyescrowservice.

Keyrotationplan Createanewkeyeveryquarterforeachpartitiondedicatedtoencryption.

Trackingkey

monikers,exported

keypasswords,and

passwordtopermit

accessto

encryptionfeatures

Sendtokeyescrowserviceanencrypteddocumentthatincludesthepassword

usedtoaccessencryptionfeatures,superuserpassword,andallpasswords

necessarytoimportencryptionkeys.Thisfilecannotbecreatedorstoredona

networkedcomputer.Deletethefilefromthecomputerafterthedocumentor

fileistransmitted

securelytothekeyescrowservice.

Multiple

encryptionteams

(optional)

ThreeITadministrators,alongwiththeseniorITadminandtheCOO.

Scheduleandrun

drills

Annualevaluationandreview,alongwithwidercorporatesecurityplan.

Passwords  Passwordstoaccessencryptionfeatures:minimumof12characters,

includingatleastonenumberandoneletter

 Passwordtoexportandimportencryptionkeys:minimumof30characters,

includingatleastonenumberandoneletter

Main Page

Spectra T50e - Page 304

Table of Contents

Other manuals for Spectra T50e

Related product manuals