In the US, encryption also covers a regulatory issue.  Many states now have 
laws that spell out the responsibilities of sites to protect "personally 
identifiable information" (information about persons including their financial 
info, medical info, etc.)

The short version is that if a tape goes missing and is not encrypted, the 
company is legally liable.
If the tape goes missing but is encrypted, no problem.

You can turn on encryption for 3592 and LTO tape drives just by adding the 
appropriate parms to the device class in TSM.  Very, very easy way to eliminate 
the legal issue.  

As a result, most of my customers who send tapes offsite use TSM encryption.  
The ones with the most sensitive data (financial and medical companies) use 
encryption for tapes that stay onsite, as well.   


-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Remco Post
Sent: Sunday, June 12, 2011 3:39 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] tape encryption in TSM environment

Hi,

On 12 jun 2011, at 05:53, Mehdi Salehi wrote:

> Hi,
> Tape volumes canned be accessed if there is no TSM database. If 
> happens,

this is not exactly true. The tapes can be accessed. IBM just claims that it's 
hard/impossible to make sense of the data. That may or may not be true. There 
are some open source tools that do exactly that..

> restoring the database and gaining access to data seem to be very 
> difficult (at least for me ;) ). Do you think encryption feature of 
> tape drives has any value in TSM environments?
> 

Depending on your level op paranoia, and wether or not your shipping tapes 
off-site frequently.... yes.

> Thank you,
> Mehdi

--
Met vriendelijke groeten/Kind Regards,

Remco Post
r.post AT plcs DOT nl
+31 6 248 21 622