ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: don´t aynone know anything about Encryption in TSM.

2002-04-04 00:30:17
Subject: Re: don´t aynone know anything about Encryption in TSM.
From: Andrew Raibeck <storman AT US.IBM DOT COM>
Date: Wed, 3 Apr 2002 23:28:54 -0500 
>> What could a customer do for DR of a client which lost it's encryption key 
and needed to restore data from the TSM backup (encrypted). <<

Start guessing, I suppose. Other than that, they would be out of luck. 
Like I said below:

"someone intercepting the TSM server database and storage pool volumes 
could not restore the data without the encryption key (unless they can 
hack it, but then any encryption scheme is subject to hacking)."

While that was presumably in the context of someone illegitimately trying 
to access the data, that isn't really pertinent. No matter who is trying 
to access the data, legitimate or now, they won't be able to get the data 
without the encryption key. There is nothing we at IBM can do to get the 
data back, as we build no "back doors" into the product (if we did, that 
would be a potential security issue).

Someone else made a post on this topic and mentioned something about 
encryption key management. I am not familiar with the formalities of this 
discipline, but it seems to me that if you are going to start encrypting 
your TSM data, you should consider implementing policies for managing 
encryption keys.

Regards,

Andy

Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: storman AT us.ibm DOT com

The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.




"Joshua S. Bassi" <jbassi AT IHWY DOT COM>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
04/03/2002 16:28
Please respond to "ADSM: Dist Stor Manager"

 
        To:     ADSM-L AT VM.MARIST DOT EDU
        cc: 
        Subject:        RE: don´t aynone know anything about Encryption in TSM.

 

Andy,

What could a customer do for DR of a client which lost it's encryption
key and needed to restore data from the TSM backup (encrypted).


--
Joshua S. Bassi
Joshua S. Bassi
Sr. Solutions Architect @ rs-unix.com
IBM Certified - AIX/HACMP, SAN, Shark
Tivoli Certified Consultant- ADSM/TSM
Cell (415) 215-0326
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Internal Server Error Detected., Pothula S Paparao
Next by Date:  Re: switches for DSMADMC command, Andrew Raibeck
Previous by Thread:  Re: don´t aynone know anything about Encryption in TSM., Andrew Raibeck
Next by Thread:  Re: don´t aynone know anything about Encryption in TSM., Bill Mansfield
Indexes:  [Date] [Thread] [Top] [All Lists]