Ensure Secure Data with Encryption as Part of the Data Management Process
CommVault's Data Encryption capability secures data over networks and on media. What makes CommVault's approach unique is the flexibility of when and how the data is encrypted along with secure management of the decryption keys.
Administrators are able to select encryption as follows:
- Before the data leaves the client system to ensure secure network transmission, for replication, backup and archive data copies
- When writing the initial backup or archive data copy to disk or tape
- When making secondary copies of backup and archive data copies, from one storage device to the next — especially useful for encrypting data before it is stored on removable media such as tape
- Any combination of these options
CommVault software offers a variety of encryption algorithms, including Advanced Encryption Standard (AES) with a 128-bit cipher and 128- or 256-bit decryption keys. Other algorithms provided include Blowfish using an implementation designed specifically for speed on 32-bit machines, Serpent, Twofish and 3-Data Encryption Standard (DES).
Data encryption keys can be pass-phrase protected, and stored within the CommCell® system, on the media, or both.
The passing of a law in California that forces companies to tell their customers when sensitive data has been lost or stolen has raised awareness of the need for encryption security. There are many examples of large banks and other organizations reporting the loss of tapes—with bank account, social security and other types of highly sensitive information being exposed for thousands of their customers. This type of problem can be avoided using the Data Encryption feature built into CommVault software.
