|
Data is one of the most highly valued resources in a competitive business environment. Protecting that data, controlling access to it, and verifying its authenticity while maintaining its availability are priorities in our security–conscious world. Increasing regulatory requirements are also helping to drive the need for the adequate security of data. Encryption is a powerful and widely used technology that helps protect data from loss and inadvertent or deliberate compromise.
Protecting information with IBM self-encrypting storage solutions
IBM System Storage solutions can help organizations enforce information security controls by encrypting data at rest, which is critical because data center storage is inherently mobile: Tapes get archived, disk drives routinely get replaced, and entire systems get retired. When drives or tape cartridges are physically removed from the storage system, IBM’s self-encrypting storage solutions automatically protect the data from any system not authorized to read the data. Organizations no longer have to worry when data center storage media are misplaced, lost, or stolen!
IBM offers a portfolio of information security solutions based on its innovative self-encrypting disk and tape drives. These drives are designed to encrypt data automatically as it enters the drive to be stored, and then automatically decrypt it as it moves out of the drive. The embedded encryption engine helps to ensure that there is no performance degradation compared to the non-encrypting drives. This drive-level encryption approach reduces the risk that information could be compromised when storage media are physically removed from the storage systems.
IBM introduced the industry’s first self-encrypting enterprise tape drive, the IBM System Storage TS1120, in 2006, followed by Linear Tape Open (LTO) self-encrypting drives that support a wide range of lower-cost tape environments. The IBM System Storage DS8000 with Full Disk Encryption extends this market-proven encryption model to enterprise disk systems to support the security requirements of demanding enterprise environments in a practical and cost-effective manner.
Using these IBM self-encrypting drives to encrypt data at the storage end point provides the ability to store data in an encrypted form with minimal operational complexity and minimal impact on performance. Encrypting at the storage end point can help organizations:
- Minimize the need for host-based encryption, which can drain host performance
- Minimize the need to use specialized encryption appliances that can add to infrastructure complexity
- Accommodate a system’s data compression and deduplication, which help increase storage capacity utilization
- Address the high performance requirements of enterprise applications that need to scale linearly with no performance degradation
Successful key management strategies
Just as each tape drive has an embedded encryption engine, each disk drive also has an embedded encryption engine, and it, too, uses IBM’s encryption key management software to manage the keys associated with the solution. This simplified and proven key management system is being used in some of the largest banks in the world. As with the encrypting tape solution, the encrypting disk solution is designed to be transparent to the operating system, applications, databases, system administrators and users, making deployment much simpler than with specialized encryption appliances.
IBM currently addresses key management in its self-encrypting tape storage solutions with the standards-based Encryption Key Manager (EKM) or the new Tivoli Key Lifecycle Manager (TKLM). TKLM is the latest generation of EKM that includes not only support for self-encrypting disk and tape solutions, but it also includes a graphical user interface to simplify on-going management tasks. It is designed to help manage the growing volume of encryption keys across the enterprise with simplified deployment, configuration and administration of key generation, as well as key life cycle management.
|
