Spectra T50e - Page 305

To Next Page

To Previous Page

Chapter 10—Encryption and Key Management BlueScale Key Management

August 2017 User Guide—Spectra T50e Library

302

High Security Site

Thefollowingtabledescribesthesecurityconsiderationsandthesuggested

encryptionconfigurationforanenterpriseorganization.

Security

Considerations

Strategy

Securitygoals Protectingallstoreddata.

Encryption

principals

ITseniorstaff,chiefoperatingofficer,chiefsecurityofficer,chieftechnology

officer.

Datatoencrypt All.

Levelofsecurityto

implement

 BlueScaleProfessionalEdition,withmultiplekeys

 SecureInitializationMode:Afterthelibrarypoweristurnedon,the

encryptionusermustenterthepasswordtoenablepartitionsdedicatedto

encryption

 Multi‐usermode,withthreeencryptionpasswords

Datasetsrequiring

isolation

Eachdatasetisseparatelykeyed,asdefinedbythedepartmentgenerating

data.

Keyescrow

method

Storekeycopieswithtworemotecorporatelegalcounselofficesandalsowitha

paid,trustedthird‐partyescrowservice.

Copiesofeachkey

tostore,andthe

storedkey

locations

Keepthreecopiesofeachkey:storeoneatthemainofficeofcorporatelegal

counsel,twowiththekeyescrowservice.

Keyrotationplan Createanewkeyeverymonthforeachpartitiondedicatedtoencryption.

Trackingkey

monikersand

passwords

Sendtothekeyescrowserviceanencryptedfilewithencryptionaccess

passwordsandsuperuserpasswords.Sendtocorporatelegalofficealistof

passwordsusedtoexportkeys.Fileswiththisdatacannotbecreatedorstored

onanetworkedcomputer;deletefileorfilesfromthecomputeroncedata

is

transmittedsecurely.

Multiple

encryptionteams

(optional)

SeniorITadmin,chiefoperatingofficer,chiefsecurityofficer,chieftechnology

officer.

Scheduleandrun

drills

Quarterlyevaluationandreview,inconjunctionwithwidercorporatesecurity

plan.

Passwords  Passwordstoaccessencryptionfeatures:minimumof15characters,

includingatleastonenumberandoneletter

 Passwordtoexportandimportencryptionkeys:minimumof40characters,

includingatleastonenumberandoneletter

Main Page

Spectra T50e - Page 305

Table of Contents

Other manuals for Spectra T50e

Related product manuals