Release Notes for Spectra Logic Spectra T120
User Guide Updates — Configuring and Using Encryption
Release Notes
90940002
Protect the Key
Make sure you track, in conformance with your security plan, where you
store the key and who received an email message with the key. Also keep
track of the password used when you exported the key.
The following guidelines outline the essential tasks required to protect
encryption keys:
Save one or more copies of every key using the Key Export option on
the Encryption Configuration screen (see
. Two methods are available for key export: copying the
encrypted key to a USB key or emailing an encrypted version of the key
as an attachment to a user who has been configured as a mail user
through the library).
If you choose to store only a single copy of a key, and then something
happens to the device storing the key, you’ve lost both your key and all
data encrypted using the key.
To emphasize: If you lose the key, your data is unrecoverable. You
need to balance the number of copies of the key to store to guarantee
access to the encrypted data against the security risk associated with
storing multiple keys. Make sure that the key has been successfully
stored prior to removing a key from the library.
Store keys offsite in a location other than the site used for media
storage. Confirm that the key is stored correctly on the USB key or has
been received by the intended recipient before deleting the key from
your system. If you delete the key, you must import the key to decrypt
the data that used the key during encryption. Importing keys is
described in
.
You may want to make two copies of a key, storing each in a secure
location. Note the location of these keys, so that you can easily find the
key when you need to restore or delete data.
Maintain a list of every password associated with each key and securely
store the list. Never keep this list as cleartext on a networked computer,
or send it through email as cleartext. For added security, encrypt the file
containing the list of passwords.
Track every copy of each key. This is critical to meet requirements that
may govern data retention and data destruction. Destroying all keys
associated with encrypted data is sufficient to satisfy data destruction
requirements, since encrypted data cannot be accessed without the key
used to encrypt it.
Caution
Make sure you keep a record of the password created when exporting the key. You
need this password and the encrypted file containing the key to import the
encryption key. Without the key password, you will not be able to import the
encryption key.
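The guidelines above amount to a set of checks on a record of exported key copies. The following added example (not from the Spectra Logic guide or software) audits such a hand-kept ledger before a key is deleted from the library and before data is declared destroyed; the ledger fields, key names and site names are constructed assumptions.

```python
from dataclasses import dataclass

MEDIA_SITE = "vault-a"  # assumed name of the site where the encrypted media is stored

@dataclass
class KeyCopy:
    key: str                 # key name (hypothetical)
    medium: str              # "usb" or "email", the two export methods
    location: str            # where the USB key is kept, or who received the email
    verified: bool           # stored correctly on USB / receipt confirmed
    password_recorded: bool  # export password is in the protected password list
    destroyed: bool = False

def pre_deletion_findings(ledger, key):
    """Issues to resolve before deleting the key from the library."""
    live = [c for c in ledger if c.key == key and not c.destroyed]
    usable = [c for c in live if c.verified and c.password_recorded]
    findings = []
    if not usable:
        findings.append("no verified copy with a recorded export password")
    elif all(c.location == MEDIA_SITE for c in usable):
        findings.append("every usable copy is at the media storage site")
    for c in live:
        if not c.password_recorded:
            findings.append(f"{c.medium} copy at {c.location}: password not recorded")
    if len(usable) == 1:
        findings.append("single usable copy: losing it loses the data")
    return findings

def destruction_complete(ledger, key):
    """True only when every tracked exported copy is destroyed (the library's own copy must be deleted as well)."""
    copies = [c for c in ledger if c.key == key]
    return bool(copies) and all(c.destroyed for c in copies)

# Constructed sample ledger
LEDGER = [
    KeyCopy("payroll2009", "usb", "vault-a", True, True),
    KeyCopy("payroll2009", "email", "alice@offsite", False, True),
    KeyCopy("archive2004", "usb", "bank-box-7", True, True, destroyed=True),
    KeyCopy("archive2004", "email", "bob@offsite", True, True, destroyed=True),
]

if __name__ == "__main__":
    for name in ("payroll2009", "archive2004"):
        print(name, pre_deletion_findings(LEDGER, name), destruction_complete(LEDGER, name))
```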