We do hardware encryption to LTO-5 tape media for our off-site tapes. The
encryption key is burned to a CD, which is locked away in a safe in a
building that is separate from where our tape library is located. Our
tapes are shipped off-site daily without the key. Our off-site storage
facility does not have access to the encryption key at any time.

On 7/21/2011 1:03 PM, "Clark, Patti" <clarkp AT OSTI DOT GOV> wrote:

>While not specifically a Networker question, it comes under the backup
>management part of the equation.  For offsite storage where there is a
>third party vendor, for example Iron Mountain, what do folks who use
>encryption do for their encryption keys?  Do you co-locate them with the
>vendor, send them somewhere else, or what?  They are certainly required
>to perform a DR.  Up to this point, our offsite has been in-house and we
>just made sure that the tapes and keys did not travel together which met
>the requirement of secure transfer.  Now we are working on secure storage
>where we don't have complete control.
>
>Patti Clark - GSEC
>IIa
>Sr. Linux/UNIX System Administrator
>Office of Scientific and Technical Information
>
>
>
>To sign off this list, send email to listserv AT listserv.temple DOT edu and
>type "signoff networker" in the body of the email. Please write to
>networker-request AT listserv.temple DOT edu if you have any problems with this
>list. You can access the archives at
>http://listserv.temple.edu/archives/networker.html or
>via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the body of the email. Please write to 
networker-request AT listserv.temple DOT edu if you have any problems with this 
list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER