Copy and Restore Transformation Method

The copy method performs initial encryption, rekeying, and decryption by copying data from one directory, or GuardPoint, to another directory or GuardPoint.

In the following figure, the administrator of the protected hosts encrypts a file set by copying it to a directory protected by a CTE GuardPoint with a standard policy. Encryption is transparent to the copy utility.

Figure 1-2: Initial Encryption

In the following figure, already-encrypted files protected by a CTE GuardPoint are rekeyed by copying them to a directory protected by another GuardPoint with a different encryption key. Both decryption and re-encryption are transparent to copy utilities.

Figure 1-3: Rekeying Protected Data

In the following figure, you can decrypt a protected file set by copying files from their protected location to unprotected directories. The CTE Agent decrypts file blocks before delivery to the copy utility for rewriting.

Figure 1-4: Decrypting Data by Copying

Encrypting and rekeying files by copying has two important advantages:

• Simplicity — After you have installed a CTE Agent and GuardPoints are activated on a protected host, the protected host’s administrator can encrypt, decrypt, or rekey file sets simply by copying them from one location to another. There are no procedures to learn, and no requirement to coordinate with your key manager's Security Administrator. Data transformation is simply another routine administrative task.

• Recoverability — If a copy-based transformation is interrupted, for example, by a power failure or system crash, the transformation resumes at or prior to the point of interruption. This is because all of the source files remain available and can be recopied, overwriting files at the destination that may have been only partially reencrypted.

Offsetting these advantages are two limitations inherent to the copy method:

• Storage resource consumption — Copying a file set requires that both source and destination files exist simultaneously. Storage capacity sufficient for both must be available during initial encryption. For very large protected data sets, “extra” temporary storage may be a significant expense. However, a greater concern is likely to be the impact of moving production file sets as they are transformed. File data is unprotected while in the copy utility’s buffers.

• Impact on operating procedures — Original and copied file sets have different path names and/or network addresses. After transformation, either both file sets must be renamed (the old path to a new name, and the new path to the old name), or applications must be adapted to process the transformed data set at the new directory. For a small data center with a few protected file sets, some combination of these options is usually practical. For data centers with hundreds of protected file sets, the administrative complexity and consequent chance of error make copying a complex option.

See Initial Data Encryption and Rekeying for detailed operational information on the copy method.

Restore Transformation Method

A variation of the copy method is to make a backup of the files for transformation and restore the backup to the destination location. This works because:

• Backing up data causes it to be read and decrypted.

• Restoring data causes it to be written (re-encrypting it with an alternative key).

• CTE protection is transparent to backup programs.

This technique also creates a backup of the data set. However, a disadvantage is the time required to copy data twice (once from the source location to backup, and once from backup to destination location).

These considerations suggest that copying data to transform it is more suitable for initial encryption (and final decryption), and less so for rekeying. Additionally, the simplicity of recovering an interrupted transformation makes the copy/restore method useful in situations where the probability of interruption during transformation is significant.

See Restore Encryption Method for detailed operational information on the restore method.