I would like to see ADSM clients that support encryption of backups and
archives, too, but I see a problem: The moment IBM adds support for
encryption to ADSM clients, they would become cryptographic products and
thus would be subject to the corresponding US export restrictions. There
are at least two very undesirable consequences: (1) The clients could not
be provided for downloading any more, because that would mean they are
available to any countries that have internet access - even those that are
classified as supporting terrorism - and (2) the encryption supported (at
least in international versions) could not be very strong.

I suggest another solution: IBM, which - together with its subsidiaries
Lotus and Tivoli - offers products that use or would benefit from
encryption, should team up with other companies (RSA ???) to design an
open, platform-independend API that allows applications that use encryption
to communicate with products that provide encryption services. I am shure
that companies around the world that offer cryptographic products would
soon jump in and support this API. IBM would still provide ADSM (and other
products) without embedded encryption, but anybody would be able to encrypt
backups and archives with cryptographic methods of the strength one needs.

A little bit dreaming (but hoping this dream coming true) - Alfred Novacek


Reinhard Mersch wrote:
>I would like to "push for" that requirement. How can I do that?
>
>For me, it is not only a data format issue, as Tom Kauffman suggested.
>We have got user groups living behind a fire wall, who feel quite
>comfortable regarding the security of their un-encrypted data, but they
>hesitate to give that data to us. One of these user groups will soon
>have their own ADSM server (behind their fire wall), and they plan to
>exchange data with our ADSM server via server-to-server communication;
>the same problem arises here.
>
>We _definitely_need_ the ADSM client's ability to encrypt data. And the
>ADSM server, in it's role as a ADSM client via server-to-server comm.,
>should also be able to do that.
>
>Hough, Peter writes:
> > This is a requirement of ADSM that I have had for some time. Other
> > backup products already have it.
> > I was told that it would make it into the product if enough people
> > expressed an interest. IBM did create special V2 clients for Windows
> > and Netware that included encryption, so they know how big/small a job
> > it is.
> > I suggest that anyone who is interested in having data encryption
> > should push for it to be included in the product as soon as possible.
> >
> > Peter Hough
> > Guardian DR
> >
> > ----------
> > From:  Lambelet,Rene,VEVEY,FC-SIL/INF.[SMTP:Rene.Lambelet AT NESTLE DOT COM]
> > Sent:  Thursday, December 17, 1998 4:04 PM
> > To:  ADSM-L AT VM.MARIST DOT EDU
> > Subject:  Is data encrypted in storage pools?
> >
> > Hello,
> >
> > my boss gets very concerned about data security and the backups.
> > Can anybody tell me if the adsm backups are encrypted or not when
> > written
> > onto tapes? We all know that compression is not secure enough.
> > In other words, if somebody gets a cartridge containing backed-up
> > files
> > (storage pool), will he be able to read the data using a dump
> > programm?
> >
> > If not encrypted, are there any plan to do it?
> >
> > Thanks a lot,
> >
> > Rene Lambelet
> > Nestec SA - 55, Av. Nestle - CH-1800 Vevey
> > Tel: ++41'21'924'35'43 / Fax: ++41'21'924'45'89
> > E-Mail: rene.lambelet AT nestle DOT com
>--
>Reinhard Mersch                        Westfälische Wilhelms-Universität
>Zentrum für Informationsverarbeitung - ehemals Universitätsrechenzentrum
>Roentgenstrasse 9-13, D-48149 Muenster, Germany    Tel: +49(251)83-31583
>E-Mail: mersch AT uni-muenster DOT de                     Fax: +49(251)83-31653


------------------------------------------------------------------------
Dipl.-Ing. Alfred Novacek
Dipl.-Ing. Alfred Novacek
Institute for Data Processing in Business Administrations,
     Economics and Social Sciences
Johannes Kepler University Linz / Austria
E-Mail: Novacek AT idv.uni-linz.ac DOT at
        Novacek AT pop.idv.uni-linz.ac DOT at
WWW: http://www.idv.uni-linz.ac.at