ADSM-L

Re: don't anyone know anything about Encryption in TSM.

2002-04-05 09:32:38
Subject: Re: don't anyone know anything about Encryption in TSM.
From: Nicholas Cassimatis <nickpc AT US.IBM DOT COM>
Date: Fri, 5 Apr 2002 09:32:35 -0500
Wow - that's some database!  Sounds to me like the encryption of data
across the network really shouldn't matter to them - they had better be
making sure their network is secure to begin with!  It's much easier to
access the database directly than to access the backups of the database,
then recover them.  So they had better have electronic security covered
before a backup ever happens.

Now to the TSM tape library.  If this is really that important, the
facility you are in had darn well better be physically secure, right?  Your
average Joe can't just walk into the facility, open a door to the raised
floor area, take a bunch of tapes out of the library, and walk out with
them - or he better not be able to.  So the data in your library is safe.
So the onsite copy of the data should be secure before a backup ever
happens.

Offsite gets more fun.  A trusted carrier is vital, no questions about it.
Possibly even someone internal to the company - the TSM admin, SysAdmin, a
DBA, someone who could already get all of this data if they wanted to, or
at least the corporate security group.  So what happens if the shipment
gets hijacked?  Maybe a special turtle case that has a lock (not just a
physical lock, but maybe electronic, too.  Key, keypad, thumbprint, retinal
scan...), and if it is opened without the lock(s) being deactivated, the
tapes get degaussed.  3590 tapes are unusable after being degaussed, but
you don't care - they're in the hands of the bad guys now!

Oh, and a trusted vault.  The vault needs to have the same security as the
raised floor.

Yes, it would be "easier" to encrypt the data in TSM, but it doesn't solve
all the other issues that have to be addressed, and, by solving those other
issues, you eliminate the need to encrypt the data in TSM.

Nick Cassimatis
nickpc AT us.ibm DOT com

Today is the tomorrow of yesterday.