Re: [Networker] Managing encryption keys for offsite storage
2011-07-21 15:21:54
We do hardware encryption to LTO-5 tape media for our off-site tapes. The
encryption key is burned to a CD, which is locked away in a safe in a
building that is separate from where our tape library is located. Our
tapes are shipped off-site daily without the key. Our off-site storage
facility does not have access to the encryption key at any time.
On 7/21/2011 1:03 PM, "Clark, Patti" <clarkp AT OSTI DOT GOV> wrote:
>While not specifically a Networker question, it comes under the backup
>management part of the equation. For offsite storage where there is a
>third party vendor, for example Iron Mountain, what do folks who use
>encryption do for their encryption keys? Do you co-locate them with the
>vendor, send them somewhere else, or what? They are certainly required
>to perform a DR. Up to this point, our offsite has been in-house and we
>just made sure that the tapes and keys did not travel together which met
>the requirement of secure transfer. Now we are working on secure storage
>where we don't have complete control.
>
>Patti Clark - GSEC
>IIa
>Sr. Linux/UNIX System Administrator
>Office of Scientific and Technical Information
>
>
>
>To sign off this list, send email to listserv AT listserv.temple DOT edu and
>type "signoff networker" in the body of the email. Please write to
>networker-request AT listserv.temple DOT edu if you have any problems with this
>list. You can access the archives at
>http://listserv.temple.edu/archives/networker.html or
>via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|
|
|