Security

Ensuring the physical and network security of key server hardware and the access security of the keystore password are among the best practices for the encryption of your storage environments.

General
When possible, provide additional physical security around hardware and media elements that are associated with the key servers. You can also provide additional network security around hardware that is associated with key servers.
Keystore
Starting a Security Guardium Key Lifecycle Manager key server requires specifying a password that is used to access the keystore. You must decide whether the Security Guardium Key Lifecycle Manager password is provided manually or whether some mechanism provides the password automatically to the Security Guardium Key Lifecycle Manager. If a startup script that contains the password is used on the Security Guardium Key Lifecycle Manager server, the script file must have access controls that prevent unauthorized access to the file and the password. For example, the file permissions must not allow read, write, or run access by unauthorized users.
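
One way to check the keystore guidance above on a Linux key server, as an added example that is not part of the product or its documentation: the function flags a startup script that grants read, write, or run access beyond its owner, and goes one step further by checking that the containing directory does not let another user replace the script. The function name is hypothetical, the script path is whatever the operator passes in, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit a startup script that embeds the keystore password.
# The script path is supplied by the operator (no product path is assumed).
# Requires GNU stat (Linux).

# audit_secret_script FILE [OWNER]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_secret_script() {
    file=$1
    # UID expected to own the script: OWNER if given, else the current user.
    want_uid=$(id -u ${2:+"$2"} 2>/dev/null) || want_uid=
    rc=0

    # -L is tested first because -f follows symbolic links.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file (symlinks are rejected)"
        return 1
    fi

    mode=$(stat -c '%a' "$file")
    if [ "$(stat -c '%u' "$file")" != "$want_uid" ]; then
        echo "FAIL: $file is not owned by the expected account"
        rc=1
    fi
    # Any group or other bit (read, write, or run) exposes the password.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $file mode $mode grants group/other access"
        rc=1
    fi

    # A directory writable by group/other without the sticky bit lets another
    # user replace the script even when the file itself is locked down.
    dir=$(dirname -- "$file")
    dmode=$(stat -c '%a' "$dir")
    if [ $(( 0$dmode & 022 )) -ne 0 ] && [ $(( 0$dmode & 01000 )) -eq 0 ]; then
        echo "FAIL: directory $dir mode $dmode allows the script to be replaced"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $file (mode $mode)"
    fi
    return "$rc"
}
```

Run it from the account that starts the key server, or pass that account's name as the second argument; a non-zero return means at least one finding was printed.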