StorCycle offers the option to assign single-key encryption to target storage locations, where every file sent to the archive is encrypted.
Before encryption can be assigned, it must be configured by an Administrator Crypto-Officer.
WARNING: DO NOT USE STORCYCLE ENCRYPTION UNLESS YOU FULLY UNDERSTAND THE PROCESS AND IMPLICATIONS OF SAVING THE LOCAL KEY TO FILE vs. MEMORY
To enable encryption, Administrator Crypto-Officers will create a one-time Password. This password may never be updated or changed after first configuration.
THE PASSWORD MUST BE RECORDED OUTSIDE OF STORCYCLE FOR MAXIMUM SAFETY. IF PASSWORD IS LOST, ENCRYPTED DATA WILL NOT BE ACCESSIBLE
If the passphrase is saved to memory, it must be re-entered each time the StorCycle server reboots. Alternatively, Administrators can select to save the passphrase can be saved to a local file. StorCycle uses the created password to generate the Encryption key which is never revealed in plaintext or accessible by StorCycle users.
Note: If the StorCycle server or application is inaccessible, encrypted data can be decrypted by using the StorCycle executable (ssc.exe), a Command Line Interface, and the Encryption Password.
If the encryption password is lost, data will not be able to be accessed and potentially lost forever. Administrators MUST save the encryption password outside of StorCycle
Administrator Crypto-Officers can enable encryption from the Gear Icon → Configuration → Encryption menu.
During configuration or at any time in the future, Administrators can either elect to save the encryption passphrase to a local file or save the passphrase to memory.
Local File: When the passphrase is saved to a local file, StorCycle will be able to access the phrase in order to regenerate the encryption key on server reboots.
If the encryption password is lost, data will not be able to be accessed and potentially lost forever. Administrators MUST save the encryption password outside of StorCycle
To Memory: When stored to memory, the passpharse is stored to the local server's memory and used to generate the encryption key each time it is needed. If the server reboots, the passphrase will be lost from memory and an Administrator Crypto-Officer will be requried to re-enter the passphrase in the StorCycle interface after reboot. If the passphrase is not re-entered, jobs which utilize an encrypted target will not run.
Encryption is enabled on Target storage location.
All data sent to targets with encryption enabled will be protected.
