Appendix M - Encryption; Overview - HP BB118BV - StorageWorks Data Protector Express Package User Manual

If your business requires you to use encryption, Data Protector Express allows you to set the required
encryption types and levels. This chapter contains important information about data encryption.

Overview

•
Installation
•
Definitions
•
Cryptographic Algorithms
•
Passphrase
•
General Use
•
Disaster Recovery
•
Overview
Encryption is the process of changing data into a form that cannot be read until it is deciphered, protecting
the data from unauthorized access and use. Company policy normally determines when encryption is
required. For example, it may be mandatory for company confidential and financial data, but not for
personal data. Company policy will also define how encryption keys should be generated and managed.
The current version of Data Protector Express provides the user with the ability to encrypt the data that is
written to the media and fully implements the Advanced Encryption Standard (AES) for both hardware
and software encryption.
Hardware encryption is supported on some backup devices, such as HP LTO-4 tape drives. It is faster
•
than software encryption and requires no processing on the backup server. The encryption strength is
determined by the backup device. HP LTO-4 tape drives always provide strong AES-256 encryption.
This feature requires a backup application, such as Data Protector Express, that supports encryption;
it cannot be activated independently of Data Protector Express.
Software encryption uses the encryption algorithms available within Data Protector Express. The user
•
selects an encryption strength: Low 56 bit, Medium 128-bit or High 256-bit. Each encryption key size
causes the algorithm to behave slightly differently. Increasing software encryption strength makes the
data more secure, but requires more processing power.
332