How secure are TSM tapes?

jfmartin

Hi,



One of our customers wants to have a separate set of tapes to back up a database that is highly sensitive... Doing so would require revising our production plan on our TSM servers (one primary pool for this specific backup, one copy pool for the internal copy of the primary pool, another copy pool for the external copy of the primary pool).



So, we are trying to convince the guy that if someone happened to be able to get one TSM backup tape, he wouldn't be able to do anything with it, because the database is needed to restore information from the tape...



What do you think of this assumption? Is a TSM tape secure by itself? If not, what solutions do we have on the market?
 
You are correct.

The tape(s) by themselves are useless without the TSM database.

You cannot get another TSM server to read the tapes. The TSM server would be aware that there is something on the tape, but it would have no idea what is written on the tape(s).



Sias
 
The backup tape itself is secure without the other components. Anyone who would try to access the data would find nothing more than an unreadable set of files on the tape. The database and log tapes just need to be kept somewhere other than the site where the pool tapes are stored.
 
Even if the DB backup tapes are kept in the same location as the data tapes, unless you know which tape is the DB backup... and what version of TSM it came from, the data tapes are nothing but garbage. It's kinda like security through obscurity added to an encrypted tape. You have to jump through 3 holes... at the same time, just to get to the data. And even then you also need to have TSM knowledge... and knowledge of how the app was backed up... and... and...



Also, I think there is an option in the newer versions of TSM to enable encryption at the client level. Encrypt - Spread across multiple tapes - ONE of those tapes has the server key (DB) - NONE of them have the client key... and you have to guess which one. I don't think there is a better solution out there.



-Aaron



(I've heard that IBM can get data back from a data tape without the DB tape for a VERY high price, but even they can't get data back if you encrypt it at the client)
 