ADSM-L

Re: [ADSM-L] TSM has built-in encryption?

2008-03-12 15:37:35
Subject: Re: [ADSM-L] TSM has built-in encryption?
From: Roger Deschner <rogerd AT UIC DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Wed, 12 Mar 2008 14:34:47 -0500
I'm with Alan here. There are certain types of data I don't want to have
access to, not even the encryption keys. We back up some data for the
UofI Medical Center, and the HIPAA, SOCKS, and just plain lawsuit
possibilities are so mind-boggling, that I want certain types of this
data to be inaccessible *TO ME*. Furthermore, switching hats here, I'm
also a patient in that same medical center, which is a real
perspective-changer.

Consider a file called patient.ssn.txt. Now go dismantle live nuclear
weapons for relaxation. Client-level encryption protects *ME* when I
have to answer the question in court, "Mr. Deschner, as backup
administrator, is it true that you could have accessed file
patient.ssn.txt?" I want to be able to say, "Your honor, while it is
possible I could have known of the file's existence, I could not have
examined its contents, because it was encrypted before it was ever sent
across the net to my server." (Sorry to repeat myself here but this
exact question has scared me, as we start to handle e-discovery requests
on a monthly basis. The feds just issued an overall e-discovery request
covering all current and all backed-up data for several entire state
agencies, fishing for dirt on Governor Blagojevich. Fortunately the
University was not one of the agencies named.)

That said, I prefer for them to specify encryption on a file or
directory basis, rather than whole-computer, because encryption
completely negates and turns off deduplication and/or compression. It's
bad enough that we're storing many copies of the Windows XP OS, Mac
OS/X, and MS/Office executables, but someday I'd like to be able to
deduplicate those.

Roger Deschner      University of Illinois at Chicago     rogerd AT uic DOT edu
               Academic Computing & Communications Center


On Tue, 11 Mar 2008, Allen S. Rout wrote:

>> Trusting the TSM administrator: I'm not saying that TSM
>> administrators are an untrustworthy lot. But with client-key
>> encryption you don't have to trust the TSM admin and it is a big
>> difference. If I offer a TSM service, backup "through a hole in the
>> wall" or what it is called, the customer can set the encryption key
>> himself and even if I wanted to, would have no chance of retrieving
>> his data and giving it away. The backup is as secure as the
>> customer's own standard for protecting the key. He does not have to
>> rely on the supplier of the TSM service.
>
>That's my key talking point.  IMO, if they're encrypting, they're
>trying to assert control over their data.  If the TSM admin can read
>their data, then they're not in control over it.
>
>- Allen S. Rout
>
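
The trade-off raised in the message above (client-side encryption defeats server-side deduplication and compression), as an added example that is not part of the original thread. The SHA-256 counter-mode keystream is only a stand-in for whatever cipher the backup client really uses, and the chunk size, keys and sample file are constructed for illustration.

```python
import hashlib
import os
import zlib

CHUNK = 4096  # fixed-size dedup chunks (assumption for this sketch)

def keystream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR with SHA-256(key | nonce | offset).
    Illustration only; not the TSM client's cipher, not for real use."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def chunk_digests(blob: bytes) -> set:
    """What a deduplicating server indexes: one digest per chunk."""
    return {hashlib.sha256(blob[i:i + CHUNK]).hexdigest()
            for i in range(0, len(blob), CHUNK)}

def shared_chunks(a: bytes, b: bytes) -> int:
    """Chunks the server could store once for both backups."""
    return len(chunk_digests(a) & chunk_digests(b))

def compression_ratio(blob: bytes) -> float:
    """Compressed size / original size (1.0 means no saving)."""
    return len(zlib.compress(blob, 9)) / len(blob)

def demo() -> dict:
    # Constructed sample: an identical "OS file" present on two clients.
    os_file = b"".join(b"%08d common operating system file content\n" % i
                       for i in range(4000))
    # Each client encrypts with its own key before sending (constructed keys).
    sent_a = keystream_encrypt(b"client-A-key (constructed)", os.urandom(16), os_file)
    sent_b = keystream_encrypt(b"client-B-key (constructed)", os.urandom(16), os_file)
    return {
        "total_chunks": len(chunk_digests(os_file)),
        "dedup_hits_plain": shared_chunks(os_file, os_file),
        "dedup_hits_encrypted": shared_chunks(sent_a, sent_b),
        "ratio_plain": compression_ratio(os_file),
        "ratio_encrypted": compression_ratio(sent_a),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Sent unencrypted, every chunk of the second copy matches the first and the file compresses well; encrypted under per-client keys, the server sees no matching chunks and nothing left to compress.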
