HPE Community
Operating System - HP-UX
1827294 Members
2327 Online
109717 Solutions
New Discussion

Re: encrypt data on tapes

 
SOLVED
Go to solution
John Destreel
Occasional Advisor

‎02-13-2007 10:16 PM

‎02-13-2007 10:16 PM

encrypt data on tapes

Hi,

In order to prevent public exposure of company sensitive backup files of oracle databases on tape and scared by recent lost of patients unencrypted data of a certain hospital, I'm considering my options right now.

On my rp5470 11.11 a make hotbackups of the oracle9 databases and store these with fbackup on tapes. I would like to store the encrypted now.

Crypt is too weak!?
I could upgrade to 11.23 and deploy EVFS, but are there any drawbacks to consider.

Are there any other (free) solutions not including additional hw?

please advice ...
tia

best regards,

John Destreel

To boldly crash where no one has crashed before : Windows XP
0 Kudos
5 REPLIES 5
Robert-Jan Goossens
Honored Contributor

‎02-13-2007 10:24 PM

‎02-13-2007 10:24 PM

Re: encrypt data on tapes

Hi John,

Good article.

http://www.csoonline.com/analyst/report3945.html

Regards,
Robert-Jan
0 Kudos
Bill Hassell
Honored Contributor

‎02-13-2007 11:24 PM

‎02-13-2007 11:24 PM

Re: encrypt data on tapes

There is no easy way to do this with fbackup. You would be much safer in using Data Protector or other commercial quality backup program where encryption is built in. And of course, proper handling of backup tapes, from creation to transport to storage (and eventually, destruction) is part of a good protection program.


Bill Hassell, sysadmin
0 Kudos
Steve Lewis
Honored Contributor

‎02-13-2007 11:44 PM

‎02-13-2007 11:44 PM

Solution

Re: encrypt data on tapes

How about a different view?

Your auditors will also want assurance that people such as you cannot update the data on the storage directly, as well as securing the backup tapes.

So how about considering encryption of the columns in the database itself?

This will protect the backup tape data as well as the on-line storage.

In either case you would need to ensure that your encryption keys are kept separately from the backup data, but are just as secure. Key management is becoming quite an issue these days.

Steven Schweda
Honored Contributor

‎02-14-2007 12:47 AM

‎02-14-2007 12:47 AM

Re: encrypt data on tapes

If you have a "hotbackup" on disk, you might
run it through GnuPG (or something similar),
and then put the scrambled result onto tape.

I assume that that method would roughly
double your transient disk storage
requirement, and consume some non-trivial
amount of CPU, but the software cost would
meet your criterion.
Carl Houseman
Super Advisor

‎12-04-2007 09:03 AM

‎12-04-2007 09:03 AM

Re: encrypt data on tapes

I just found this thread while researching my own needs for tape encrytpion. I guess this answer is way too late, but what are you using for the hot backups? Typically that would be RMAN, and RMAN has the ability to encrypt the backup data as it creates it. Just google 'rman encryption'
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.