Endpoint Encryption

 View Only
  • 1.  PGP Netshare backup software behavior/requirements

    Posted Nov 06, 2014 03:27 AM

    Hi there,

    I need a clarification with regards to PGP Netshare backup software behavior and/or requirements.

    Having an PGP managed environment with Netshare encryption enabled, what are the prerequistes for the backup software, backing up the file server, to automatically decrypt the encrypted files and folders for backup dedupe etc.? Consider we have not added the backup software to the exclude list on the PGP Desktop policy? Do we need to install PGP desktop on the file server?

    Thanks,

    Giulio



  • 2.  RE: PGP Netshare backup software behavior/requirements

    Posted Nov 09, 2014 11:26 PM

    Guys, anyone can advise on this? 



  • 3.  RE: PGP Netshare backup software behavior/requirements

    Posted Nov 10, 2014 12:39 PM

    Typically, the data would be backed up while still in an encrypted state, unless you have an automated process set up with PGP Command Line to decrypt and move the files to the backup location.

    If backed up in an encrypted state, the data should still be accessible with the same keys, so companies will typically allow it to remain encrypted.  Is there some sort of requirement in your environment for decrypting the files before backup?

    As far as installing the software on the backup file server, there should be no reason to do so.



  • 4.  RE: PGP Netshare backup software behavior/requirements

    Broadcom Employee
    Posted Nov 24, 2014 05:53 AM

    Hi Giulio,

    For deduplication you probably need to install the PGP client in the machine where the backup agent works. What you are looking for is to access clear text files. It means that the backup process must be able to reach the files after the NetShare contents were unlocked, which implies access to the private portion of the PGP key to decrypt the contents. For an automated solution perhaps PGP Command Line would be the best approach to decrypt the files in bulk to allow the deduplication process to work.

    If your backup software manipulates encrypted files, it will render them useless. It will result in garbled content.
    PGP NetShare File Protection FAQ - TECH148964
    PGP NetShare Basics FAQ - TECH148972
    Symantec File Share Encryption (previously PGP NetShare) Compatibility FAQ - TECH148974

     

    Probably the safest could be to copy the encrypted files "as is" and ensure the keypairs/ADK are available in case the business requires access to that data.

    Usual recommendation: test the backups and test the ADK.


    HTH

     

    Edit:

    Removed a misleading sentence:

    The whitelisting/blacklisting is for data originated from a certain application. That is not the case of the dataset you want to backup.

     

    Reference: Backup File Share Encrypted Files (Previously PGP NetShare) - TECH149223