-----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Black Sent: Friday, September 01, 2006 3:04 PM To: [email protected] Subject: Re: IBM announces Encrypting tape drives
> > Now with encrypted tape drives, how many DR vendors will have them before our > next disaster or should we bring our own spare drives with us? > If you depend on the DR vendor, you must be sure that they have the encryption drives not only at the primary DR site, but also at any secondary site that you might be diverted to if someone is already using the primary site. <snip> This brings up a question or two of a security nature. Where do you keep the keys for decrypt of your tapes? Should they (the keys) be sent off site with the DR tapes? Should they be kept separately but also off-site with a third vendor? If you have the keys on a diskette or CD, and they are with the tapes, and the truck carrying them has a problem... If the diskette or CD is damaged in some fashion, what backup for them do you have (don't laugh, I've seen DR tests where the printed reports for doing a restore got destroyed, and one of the two backup copies that were sent to the site didn't make it). Granted, there is only so much you can do, but how often do you generate keys? And if you change keys, how do you get to the old data to get it (assuming archival for whatever some taxing agency requires (double entendre intended))? Enquiring minds and all that. Later, Steve Thompson ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
