Greetings,
In any encryption solution you pick, key management is crucial. Who
is responsible to generate the keys? How often are they changed? Who
maintains a long-term archive of the keys so you can unencrypt data that was
encrypted years ago, if necessary? How are multiple, concurrent copies of
the key database maintained, so that in a DR situation you don't loose all
your keys.
Some products consider all these questions. Decru and Neoscale make
FC based encryption appliances that allows you to encrypt your data onto
tape. Decru's has comprehensive key-management, with all the automated
redundancy for DR purposes you might need. Neoscale might have this as
well, but I have not read up on that one as much.
Best Regards,
John D. Schneider
Technology Consultant - Backup, Recovery, and Archive Practice
EMC² Corporation, 600 Emerson Road, Suite 400, St. Louis, MO 63141
Phone: 314-989-3839 Cell: 314-225-9997 Email: Schneider_JohnD AT emc DOT com
-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Richard Sims
Sent: Friday, January 13, 2006 7:39 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] tape encryption and TSM
On Jan 13, 2006, at 8:30 AM, Murray, Jim wrote:
> I would be more interested in the answer not so much as recovery of
> data
> but in securing data. Being a financial institution we have
> regulatory
> requirements for data protection, new State laws say I must encrypt
> all
> data on tape that is moved off site.
Jim - As Geoff alluded, the List has reviewed solutions in the past...
If data cannot be sent encrypted from the client, then another
solution is to insert an appliance in the tape write path, such as
CryptoStor Tape, from http://www.neoscale.com/.
Richard Sims
|
