ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Confidentiality of client data

1998-07-08 07:52:35
Subject: Confidentiality of client data
From: Luc Busschots <luc.busschots AT CERIX DOT COM>
Date: Wed, 8 Jul 1998 13:52:35 +0200 
Hello ADSMer's,

One of the major concernes of one of our customers to work with us
 for his backup is the confidentiality of his data.
One can indeed imagine a scenario where the systemadministrator gets
 his hands on all the data that is needed for a full ADSM-Server
 restore from scratch, and installs it on another Server, then reset
 the passwords of all the nodes (or the ones he is interested in),
 and is able to restore the customer's data without anybody knowing
 or noticing anything.
To assure him of confidentiality of his data, the only solution I
 see at this moment is encryption of his data before it is sent by
 the client to the server. This has to be done with respect to the
 rules that ADSM Server uses to keep track of the data (e.g. encryp-
 tion of transmitted data is not a valid option, because then the
 info like filename, size, creationdate, modified, ownership,.. is
 also encrypted and ADSM Server can't do anything with it.)
So here are my questions :

Q1 : Has anybody already written applications for encryption of
 clientdata, based on the ADSM API's, or knows about programs that
 can do this ?

Q2 : Talking to IBM about this, we came in contact with Endicott/ibm
 and found out that there is ADSM-Remote client which is targeting
 for service providers and this client can just do that.
On the GUI, you can select your files with B (normal backup) or E
 (backup encrypted), and it works well,.. but,..has a few disadvan-
 tages for us
      - Only available on a few platforms
      - minimum 100 client licenses
      - only client polling supported (not server prompted)
      - only one (weak) encryption algorithm (40bit DES)
At that time, (8 months ago), there were, and I quote
 "no current plans for new enhancements to the ADSM-Remote clients"
 " unless you and other potential customers generate sufficient   "
 " demand, then that possibility could be revisited               "
 and
 "regarding future enhancements, would adding encryption support  "
 " to ADSM V3 make that a viable solution ?                       "
At that  time, I wasn't aware of this ADSM-L, and had no idea how
  to find out if other companies would also like this possibility.
So, is there some interest out there for this encryption or are we
  the only one to struggle with this ?

Q3 : If Q1 and Q2 do not provide a solution, any other suggestion ?
     (Either on encryption or on how to assure the confidentiality)
  Running a preschedule to encrypt data in a special directory but
  without changing the creationdate or modified date if the original
  file is not modified and then get ADSM to backup this directory ?
  I've tested already a lot of these encryption programs and tried
  to make them work together with ADSM without loosing all the
  benefits, advantages and features of ADSM, but sofar no good
  solution found.


Thanks for your replies,
Luc

---------------------------------------------------------------
Busschots Luc
Busschots Luc
B.I.C.S.
Straatsburgstraat 3 rue de Strasbourg
1130  Brussels
Belgium

E-mail :Luc.Busschots AT Cerix DOT com
Tel : Int-32-2-702.36.12 *******  Fax : Int-32-2-702.36.00
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: EMC's Enterprise Data Manager, Sanders, David
Next by Date:  ADSM Manuals..., Dwight Cook
Previous by Thread:  HSM for Windows NT (continued), Eric van Loon
Next by Thread:  Re: Confidentiality of client data, Richard Sims
Indexes:  [Date] [Thread] [Top] [All Lists]