If you are planning to use ADE, then please *plan*. As David says, a
strategy to manage encryption keys is absolutely necessary, and planning for
worst-case scenarios is recommended.

1) Backups - how (and where) do you manage keys.. Do you keep the keys with
the data (as an example)?
2) If you needed to retrieve data in 7 years time (e.g. a tax audit) - would
you know all the keys - and the passwords - used 7 years ago?
3) Would your successors in the Company know how to obtain - and use - those
same keys and passwords?
4) Is it so easy that anyone stealing a backup tape would have the keys and
passwords as well?
5) What is the backup / archive strategy when individual keys and/or
passwords are added or changed at a point in time?
6) Fully test any DR scenario - use observers from outside the immediate
I.T. team to "keep it honest":
*** Freshly change encryption keys on a file that day - after the last
backup - before the failure Is simulated
*** Simulate loss of the current system hardware (e.g., fire or flood)
*** Simulate loss of key staff - forget what you know.
*** Use different hardware - with no previous user IDs created
*** Ignore all previous knowledge of keys, passwords and procedures - only
work from routinely secured media and stored documentation
*** Fresh installation of UniVerse or UniData
*** Document every step followed so the post-mortem can check this was an
honest test
7) Run a post mortem - use the observers to help appraise the results.
*** Did it work?
*** Was it TOO easy to unlock data?
*** Was it too difficult / time consuming?
8) Run the application(s) and exercise all the files after recovery
9) Re-run the scenario until it works flawlessly
10)  Repeat at regular intervals - e.g. annually.

Why be so careful? Unlike "file corruption" (for example) - restore from
backup ALONE may not be a solution. It is possible to have your data and for
it to still be "beyond use".

You don't need to feel concerned about using ADE - it has been fairly
hammered in a number of scenarios as the consequences of a serious issue are
well appreciated.  You DO need to plan and be extra careful.

Check for any specific advice, issues or notices as a matter of routine




U2-Users mailing list

Reply via email to