On Mon, Nov 30, 2009 at 4:49 PM, Mark McCullough <[email protected]> wrote:
> I'm asking on behalf of someone else who is trying to determine what
> others are doing to protect sensitive data on media that is removable.
> For example, backup disks/tapes. Is it sufficient for you to maintain a
> chain of custody over unencrypted media? Or do you require encryption
> of all such potentially removable media (tapes, removable disks, etc.)?
>
> Note, I am not asking about the scenario where Joe User copies a file
> deliberately to a USB stick and walks off. This is dealing with cases
> where one has a specific process to know who has access to the media,
> where it is, and so on.
>
> For purposes of discussion, please ignore data governed by external
> certifications or audits (e.g. credit card numbers). This is dealing
> with data that is suitable to live unencrypted on internal disk but is
> being backed up on some media that will be removed from the server
> potentially, usually as a part of a rotation to a vaulting process.
>
> --
> Mark McCullough
> [email protected]

For our tape media we rely on encryption done by the backup client, and
for other media we use GPG. For some really sensitive stuff, we do both,
but that's mostly to avoid keeping multiple files around (1 encrypted and
1 not encrypted).

_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
