ADSM-L

Re: Tape Erasure

2007-02-17 12:00:48
Subject: Re: Tape Erasure
From: Roger Deschner <rogerd AT UIC DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Sat, 17 Feb 2007 11:00:24 -0600
True, but "other tools" should not have access to the tapes. If they do,
then you've got a much larger data integrity problem to solve. Reading
beyond the end-of-tape mark is not possible when the only program able
to access the tape is the TSM server. If there is a way to run these
"other tools" against your tapes, then they could get the live backup
data as well, not just the old data on scratch tapes. I hope you are not
intermixing your TSM scratch tapes with a larger scratch pool used by
multiple applications.

Tapes in TSM should be under the physical control of the TSM
administrators, either in a locked tape library in a secure machine
room, or under suitable physical control at all times while being moved
to/from offsite storage. If they're not willing to trust you and/or Iron
Mountain, then they've got larger problems to deal with.

In Illinois, BY LAW (Illinois Public Act 93-0306), "data shredding" must
be repeated ten (10) times. The enormous resources that would take
necessitate tactics other than data shredding. Secure reuse and
physical destruction are what we use.

If they are really that paranoid, they should require client encryption
for all TSM clients, as well as committing the financial resources to
upgrade each client system so that they can handle the added client
processor load of that encryption. If all data is encrypted at the
source, then who cares about old data left on scratch tapes? It was
encrypted in the first place. However, they must also be aware that
under a scenario where all client data is encrypted at the client, they
may not be able to restore some data in some cases such as a terminated
employee who takes the encryption key for their client's data with them
as they are shoved out the door. In general, if they do not have faith
in the integrity of the backup system, whatever it is, then encryption
of data at the source is the only answer.

Roger Deschner      University of Illinois at Chicago     rogerd AT uic DOT edu
======= "Copy protection: a headache only for the law-abiding." ========
=========================== --New York Times ===========================




On Fri, 16 Feb 2007, Helder Garcia wrote:

>>
>> Are you looking at erasure before reuse? I can't see a reason for this.
>>
>
>Yes, there are reasons. While you're reusing the tape, there is still old
>data on the "unused" part of the tape that can be read with other tools.
>
>--
>Helder Garcia
>
