System and method for encrypting secondary copies of data
Abstract
A system and method for encrypting secondary copies of data is described. In some examples, the system encrypts a secondary copy of data after the secondary copy is created. In some examples, the system looks to information about a data storage system, and determines when and where to encrypt data based on the information.
4 Claims
1. A system for re-encrypting data stored as secondary copies on secondary storage media under a first encryption scheme, comprising:
- a first storage processor comprising computer hardware having one or more computer processors, first storage processor configured to monitor primary data created by different software applications in a primary data production network, the primary data stored in primary storage within the primary data production network, the primary data further comprising data types associated with the native formats of the different software applications executing within the primary data production network;
- a storage manager that is in communication with the primary data production network, the storage manager configured to direct the first storage processor to create at least a first copy of the primary data based on at least one backup storage policy, wherein the first copy of the primary data is stored in an unencrypted format;
- an encryption tracking component executing on computer hardware comprising one or more computer processors, wherein the encryption tracking component is located remotely from the primary data production network, the encryption tracking component configured to:
  - selectively encrypt portions of the first copy of the primary data based on the types of data in the first copy of the primary data to create a secondary copy of the primary data on one or more secondary storage devices, the secondary copy having encrypted portions and unencrypted portions; and
  - maintain an index that identifies the unencrypted and encrypted portions of the secondary copy; and
- a media retrieval component executing on the one or more computer processors, wherein the media retrieval component receives an indication from the encryption tracking component to change an encryption scheme for the secondary copy and retrieves at least the encrypted portions of the secondary copy associated with a first encryption scheme; and
- an encryption component executing on the one or more computer processors, wherein the encryption component decrypts the encrypted portions of the secondary copy associated with the first encryption scheme and encrypts the decrypted portions of the secondary copy with a second encryption scheme, wherein the second encryption scheme was created after the secondary copy was stored on the one or more secondary storage devices, and wherein the unencrypted portions of the secondary copy remain unencrypted.
3. A method of re-encrypting data stored as secondary copies on secondary storage media under a first encryption scheme, comprising:
- monitoring primary data created by different software applications in a primary data production network, the primary data stored in primary storage within the primary data production network, the primary data further comprising data types associated with the native formats of the different software applications executing within the primary data production network;
- creating with a storage manager that is in communication with the primary data production network, at least a first copy of the primary data based on at least one backup storage policy, wherein the first copy of the primary data is stored in an unencrypted format;
- selectively encrypting portions of the first copy of the primary data with an encryption component that is located remotely from the primary data production network, wherein the selectively encrypting is based on the types of data in the first copy of the primary data to create a secondary copy of the primary data on one or more secondary storage devices, the secondary copy having encrypted portions and unencrypted portions;
- maintaining an index that identifies the unencrypted and encrypted portions of the secondary copy;
- receiving an indication to change an encryption scheme for the encrypted portions of the secondary copy;
- decrypting, with one or more computer processors, the encrypted portions of the secondary copy of data associated with a first encryption scheme; and
- encrypting the decrypted portions of the secondary copy with a second encryption scheme, wherein the second encryption scheme was created after the secondary copy was stored on the one or more secondary storage devices, and wherein the unencrypted portions of the secondary copy remain unencrypted.