Data Protector Express User's Guide (TC330-96002, October 2010)

8 Encryption and Compression
In this chapter
• Encryption for Backup Jobs
• Compression
• Key Management
Encryption
Encryption is the process of changing data into a form that cannot be read until it is deciphered,
protecting the data from unauthorized access and use. Company policy normally determines when
encryption is required. For example, it may be mandatory for company confidential and financial
data, but not for personal data. Company policy will also define how encryption keys should be
generated and managed.
The current version of Data Protector Express provides the user with the ability to encrypt the data
that is written to the media and fully implements the Advanced Encryption Standard (AES) for both
hardware and software encryption.
Hardware encryption is supported on some backup devices, such as HP LTO-4 tape drives. It is
faster than software encryption and requires no processing on the backup server. The encryption
strength is determined by the backup device. HP LTO-4 tape drives always provide strong AES-256
encryption. This feature can be managed by a backup application that supports hardware
encryption, such as Data Protector Express.
Software encryption uses the encryption algorithms available within Data Protector Express. The
user selects an encryption strength: Low 56-bit, Medium 128-bit or High 256-bit. Each encryption
key size causes the algorithm to behave slightly differently. Increasing software encryption strength
makes the data more secure, but requires more processing power.
If your business requires you to use encryption, Data Protector Express allows you to set the required
encryption types and levels. This chapter contains important information about data encryption.
Cryptographic Algorithms
Cryptographic algorithms are the basic components of cryptographic applications. It is important to
understand that as you increase the complexity of the encryption, the information gets closer to
impossible to read and the load on your machine, for software-based encryption, will increase.
Software: Three cryptographic algorithms are provided. These three settings provide three levels of
resistance which require progressively more CPU time to convert the same amount of data. The three
options are for the software encryption mode only.
Low      DES 56-bit
Medium   AES 128-bit
High     AES 256-bit
Hardware: The cryptographic algorithm provided by hardware devices that provide this feature is not
under Data Protector Express control. The hardware provides configuration and operating parameters
via a special encryption command. The device driver adjusts its crypto session settings from this input.
Hardware encryption is an on/off feature; you do not have the ability to adjust the encryption level
through the Data Protector Express interface. By default Data Protector Express will attempt to use the
highest encryption algorithm supported on the device, if the device supports multiple algorithms. If the