Stewart Stremler wrote: > > System backups shouldn't be encrypted, data backups should, especially > when it's sensitive data.
System is the easiest to restore, even if all the tapes are encrypted. A system without its data is useless. If you encrupt the data, then that data stands a better chance of being irrevocably lost. You add another single point of failure: loss of the keys. If you are going to encrypt the backup tapes, then you are going to have to have a fantastic key management system. One that can survive the loss of the site, and the loss of the primary personnel (that may know the keys by heart. Or may not). This does have to be balanced against the loss of a tape by the courier, or offsite storage provider. The best solution? The application itself encrypting the sensitive data. This way it is safe, no matter what, and you need take no special precautions with the backup tapes. Other key management caveats still apply. -john -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
