7 Encryption and Compression

Encryption

Encryption is the process of changing data into a form that cannot be read until it is deciphered, protecting the data from unauthorized access and use. Company policy normally determines when encryption is required.

For example, your company may require encryption for company confidential and financial data, but not for personal data. Company policy will also define how encryption keys should be generated and managed.

Data Protector Express provides the ability to encrypt the data that is written to the media and fully implements the Advanced Encryption Standard (AES) for both hardware and software encryption.

Hardware encryption is supported on some backup devices, such as HP LTO-4 tape drives. Hardware encryption is faster than software encryption and requires no processing on the backup server. The encryption strength is determined by the backup device. HP LTO-4 and later generation tape drives always provide strong AES-256 encryption. This feature can be managed by a backup application that supports hardware encryption, such as Data Protector Express.

Software encryption uses the encryption algorithms available within Data Protector Express. You can select an encryption strength: Low 56-bit, Medium 128-bit, or High 256-bit. Each encryption key size causes the algorithm to behave slightly differently. Increasing software encryption strength makes the data more secure, but requires more processing power.

Cryptographic Algorithms

Cryptographic algorithms are the basic components of cryptographic applications. As the complexity of the encryption algorithm increases, the information gets harder to read, and for software-based encryption, the load on the machine increases.

Software

Three cryptographic algorithms are provided. The three settings offer increasing levels of resistance and require progressively more CPU time to convert the same amount of data. The three options are for the software encryption mode only.

Low – DES 56-bit

Medium – AES 128-bit

High – AES 256-bit

Hardware

The cryptographic algorithm used by devices that provide hardware encryption is not under Data Protector Express control. The device provides access to configuration and operating parameters via a device-specific encryption method. In Data Protector Express, you can enable or disable hardware encryption, but you cannot adjust the encryption level or algorithm through the Data Protector Express interface. If the device supports multiple encryption algorithms, Data Protector Express will attempt to use the strongest encryption algorithm supported on the device. If the device does not support encryption, an alert informs you that the device cannot be used because it does not support hardware encryption.
