When should i use encryption, How do i enable encryption, When will i be asked to enter the key – HP StoreEver Ultrium Tape Drives User Manual

Encryption is the process of changing data into a form that cannot be read until it is deciphered,
protecting the data from unauthorized access and use. HP LTO-6, LTO-5 and LTO-4 tape drives
use the strongest version of the industry-standard AES encrypting algorithm to protect your data.

To make use of this feature you need:

•

A backup application that supports hardware encryption

•

HP LTO–6 Ultrium 6.25 TB media (C7976A or C7976W), HP LTO–5 Ultrium 3 TB media
(C7975A or C7975W) or HP LTO–4 Ultrium 1.6 TB media (C7974A or C7974W); no
encryption will be performed when writing earlier generations of tape

When should I use encryption?

Your company policy will determine when you need to use encryption. For example, it may be
mandatory for company confidential and financial data, but not for personal data. Company policy
will also define how encryption keys should be generated and managed. Backup applications that
support encryption will generate a key for you or allow you to enter a key manually.

NOTE:

Encryption with keys that are generated directly from passwords or passphrases may be

less secure than encryption using truly random keys. Your application should explain the options
and methods that are available. Please refer to your application's user documentation for more
information.

How do I enable encryption?

Hardware encryption is turned off by default and is switched on by settings in your backup
application, where you also generate and supply the encryption key. Your backup application
must support hardware encryption for this feature to work. The software supplied with the tape
drive provides this support. See

http://www.hp.com/storage/spock

for an up-to-date list of other

suitable backup software.

When will I be asked to enter the key?

Encryption is primarily designed to protect the media once it is offline and to prevent it being
accessed from another machine. You will be able to read and append the encrypted media without
being prompted for a key as long as it is being accessed by the machine and application that first
encrypted it.

There are two main instances when you will need to know the key:

•

If you try to import the media to another machine or another instance of the backup application

•

If you are recovering your system after a disaster

What happens if I don't remember the key?

If you are unable to supply the key when requested to do so, neither you nor HP Support will be
able to access the encrypted data.

This guarantees the security of your data, but also means that you must be careful in the management
of the encryption key used to generate the tape.

WARNING!

You should keep a record or backup of your encryption keys and store them in a

secure place separate from the computer running the backup software.

Does encryption affect tape drive performance?

Hardware encryption can be used with or without compression and without speed or capacity
penalties.

38

Use the correct media