EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions

Size: px
Start display at page:

Download "EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions"

Transcription

1 EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions Security and Encryption Overview What is encryption? What is the AES encryption standard? What is key management? Why is data encryption important to the data center? Where can data be protected on a Storage Area Network (SAN)? Why is it important to protect data in-flight? What is the trend in the use of data encryption? What are some of the regulations for data encryption? What is a defensible proof of encryption? What is software-based encryption? What are fabric-based encryption appliances? What are encrypting disk drives and arrays?... 3 EmulexSecure HBA Architecture What is the EmulexSecure HBA architecture? What are the business benefits of using the EmulexSecure HBA architecture? How does the EmulexSecure HBA architecture protect data? What type of encryption does the EmulexSecure HBA architecture support? How is the EmulexSecure HBA architecture implemented? How does EmulexSecure HBA architecture support key management? What is the relationship between the EmulexSecure HBA architecture and KMIP? How does the EmulexSecure HBA architecture work in a virtualized server environment? Will EmulexSecure HBA support be included in Emulex management applications? What are the key features and benefits of the EmulexSecure HBA architecture?... 5 Page 1 of /09

2 Security and Encryption Overview 1. What is encryption? Encryption secures information by converting data so that the original content is unreadable. Modern encryption methods use a standard algorithm (called a cipher) to convert data from unprotected plaintext to protected ciphertext. The key is a randomly generated value that is used to provide a unique transformation of plaintext to ciphertext. The original key must be used to decrypt the data so it can be read. 2. What is the AES encryption standard? The Advanced Encryption Standard (AES) describes encryption algorithms that have been adopted by the U.S. government and approved by the Federal Information Processing Standard (FIPS). AES supports keys sizes of 128, 192 and 256 bytes, with 256-byte keys providing the strongest encryption. 3. What is key management? Key management is the process that is used to create, distribute, store and authenticate encryption keys. Key management systems use policies to restrict key access to specific users and administrators. The key management system also provides secure key distribution, which is critical to ensuring security for encrypted data. 4. Why is data encryption important to the data center? There are several key business benefits that result from protecting data using encryption. These include: Regulation Compliance: There are over 10,000 regulations that require organizations to safeguard data and provide notification of every incident of disclosure. Organizations that don t comply can be subject to government fines and civil litigation. Reduce potential liability from a data breach: Since 2005, there have been 252 million records lost and identity theft has left over 15 million consumers victimized. The average cost of a breach is $6.6 million and each record compromised costs $202 according to the Ponemon Institute. The largest breach on record cost over $250 million. Reduce costs for disk disposal Since disk drives can contain sensitive data, many organizations use costly procedures to protect data on drives that are disposed or taken out of service. For example, IT administrators may not be able to return failed disk drives under warranty for repair or replacement. If not returned, new drives must be purchased at a cost of $1000 to $3500 per drive and the failed drives shredded, drilled, melted or otherwise made physically unreadable. If the data on the drive is properly encrypted with a protected key, it is considered to be unreadable. 5. Where can data be protected on a Storage Area Network (SAN)? The full SAN data path consists of a server, switch, storage (disk and tape) and connecting cabling. There are two primary locations where data can be protected with encryption. The first is in-flight, which refers to data that is in transit anywhere on the data path. The second is at-rest, which is data that is stored on disk or tape. 6. Why is it important to protect data in-flight? Surveys have reported that 68% of data breaches occur from inside the organization. Insiders have more opportunity to capture sensitive data at multiple points in the data path, so simply encrypting Page 2 of /09

3 data at the storage end-point may not be adequate. Host-based encryption protects data throughout the data path, both in-flight and at-rest. 7. What is the trend in the use of data encryption? An analysis of a recent IDC end user survey indicates that the amount of encrypted data should grow to 55% in the next three to five years, with 44% of those surveyed expecting to encrypt more than 75% of their data. 8. What are some of the regulations for data encryption? Sarbanes-Oxley This law was passed in response to widespread incidences of accounting scandals and corporate fraud with public corporations. Some of the provisions relate to providing assurances for the accuracy of data that is reported and made available to auditors. Other provisions include requirements for internal control reports and audit trails. Data encryption supports compliance by ensuring that access to data is strictly controlled and auditable. California AB 1386 and AB These laws are directed at state agencies and businesses that operate in California or collect information about California residents. The laws require notification to Californians if their personal information or medical records are disclosed by a security breach. Health Insurance Portability and Accountability Act (HIPPA) - HIPAA regulates the use and disclosure of information held by "covered entities," which includes health insurers, employersponsored health plans and medical service providers. It establishes regulations for the use and disclosure of Protected Health Information (PHI), which generally includes any part of an individual's medical record or payment history. Payment Card Industry (PCI) Data Security Standard The leading credit card companies aligned to adopt a standard that requires merchants to secure account numbers by encryption or truncation. Penalties and fines can be imposed if data is stolen. Department of Defense (DOD) - The DOD has extensive regulations that relate to access and control of classified information. 9. What is a defensible proof of encryption? A defensible proof of encryption must provide evidence to security auditors that confidential data has been encrypted using a secure key. This requires encryption logs for specific applications on both physical servers and virtual machines (VMs) running on virtualized servers. It also requires key management that protects keys as they re stored and transmitted in the network. Failing to meet these requirements can mitigate the benefit of implementing encryption. 10. What is software-based encryption? Software-based encryption is done by applications running on a server to protect data that is specific to the application. It is typically used for environments that encrypt relatively small amounts of data. Software-based encryption consumes significant CPU cycles, which slows applications and reduces consolidation ratios for virtualized servers. 11. What are fabric-based encryption appliances? Fabric-based encryption appliances are hardware solutions that are installed in the fabric network. There are basically two types of encryption appliances: single-port pair (one target and one initiator) and multiple-port pairs, such as an encrypting switch. Fabric-based encryption appliances protect data in-flight from the appliance to storage. There is no protection for data in-flight between a server and the appliance. 12. What are encrypting disk drives and arrays? Encrypting disk drives and arrays encrypt data as it s written to a disk. Encrypting drives and arrays protect data at-rest, but provide no protection for data in-flight. Encryption keys are embedded with the drive, which could be less secure than solutions that store the key in a different location. Page 3 of /09

4 EmulexSecure HBA Architecture 13. What is the EmulexSecure HBA architecture? The EmulexSecure Host Bus Adapter (HBA) architecture provides a new option for implementing data security. To support this architecture, Emulex is developing HBA products that do hardwarebased encryption of data as it leaves the server, protecting data in-flight on the storage network and when stored at-rest on disk and tape. Initial designs are based on 8Gb/s Fibre Channel PCI Express (PCIe) dual-port HBA technology. The EmulexSecure HBA architecture also includes application programming interfaces (APIs) for integration with key management solutions using the new Key Management Interface Protocol (KMIP). The first supported key management solution will be RSA Key Manager. RSA is a leading enterprise key management provider and other key management solutions will be supported in the future. 14. What are the business benefits of using the EmulexSecure HBA architecture? Data breaches are a growing concern for organizations worldwide. The risk is real and can affect organizations of any size, location or industry. Maximum protection is provided with a strong encryption solution that will secure data in-flight on the network and at-rest on disk and tape and with solutions that can prove that the right data was encrypted and the keys are safe. In addition to the open-ended cost of an actual security breach, organizations need to comply with a variety of regulatory requirements. Adapter-based encryption facilitates auditing and reporting to verify compliance. A host-based solution allows organizations to manage key access based on applications and/or user roles. In addition, keys never leave the data center, so there is no requirement to coordinate key management on hundreds or thousands of drives as with disk-based encryption. Encryption at-rest helps organizations with the problem of disk disposal. When there is a disk failure, unencrypted disks must be made unreadable prior to disposal. Disk drives that contain encrypted information and no key material ensure that disks can be easily disposed and failed disks can be returned for warranty replacement. 15. How does the EmulexSecure HBA architecture protect data? The EmulexSecure HBA architecture is a host-based solution, which protects data in-flight and at-rest with the lowest total cost of ownership when compared to other types of solutions. This has the effect of encryption-enabling the entire storage network. Data is encrypted once and remains encrypted wherever it goes - through the network, on storage and when mirrored or replicated. 16. What type of encryption does the EmulexSecure HBA architecture support? The EmulexSecure HBA architecture uses the Advanced Encryption Standard (AES), which has been ratified by the National Institute of Standards and Technology. It s the encryption solution of choice for solutions requiring a high degree of data security. The EmulexSecure HBA architecture supports AES with 256-bit keys, the strongest security option. There are several modes of AES encryption. The EmulexSecure HBA architecture supports both AES-256 CBC and AES-2x256 XTS. 17. How is the EmulexSecure HBA architecture implemented? The EmulexSecure HBA architecture is designed to be an in-stack transparent encryption solution. Once the keys and encryption policies are loaded, there is no operational difference for software above the driver and there is no impact to any storage network or storage device. Page 4 of /09

5 The solution consists of an enhanced HBA and driver that use a hardware-based crypto module which is seamlessly integrated into the Emulex software stack. Emulex has invented new techniques to encrypt data with no operational impact on the server or storage environment. The initial release is targeted to include Windows and Linux support, with additional operating systems to follow. 18. How does EmulexSecure HBA architecture support key management? The EmulexSecure HBA architecture includes APIs for integration into standard key management, credential management and authentication solutions. All keys are protected inside a FIPS protected security boundary. Encryption keys and host-based access control credentials are managed from the same location to improve security and simplify management. Communications with key managers are authenticated and secure. 19. What is the relationship between the EmulexSecure HBA architecture and KMIP? The Key Management Interoperability Protocol (KMIP) is a new standard that was announced on February 12, Emulex uses KMIP to integrate with RSA Key Manager and will work with other products that support the standard in the future. 20. How does the EmulexSecure HBA architecture work in a virtualized server environment? The EmulexSecure HBA architecture does hardware-assisted encryption which off-loads CPU cycles, allowing more VMs per server than a software-based encryption solution. Keys are managed per Logic Unit Number (LUN) so applications running on VMs can have unique encryption keys with granular control of access to data. EmulexSecure HBAs also support migration of VMs that have encrypted access to data. The EmulexSecure HBA architecture uses enterprise-wide key management that enables migration to any host that has an EmulexSecure HBA and is authorized to access keys for the VM s storage. Keys are automatically loaded before the VM is moved, ensuring no disruption in server availability and storage access. 21. Will EmulexSecure HBA support be included in Emulex management applications? EmulexSecure HBA management will be included in the OneCommand Management Framework that supports all Emulex host-based products. With the OneCommand Management Framework, IT organizations will be able to: Apply and track encryption policies across the infrastructure Provide audit information into the corporate logging system 22. What are the key features and benefits of the EmulexSecure HBA architecture? Highest level of protection, lowest cost Single lock to protect data in-flight and at-rest AES 256-bit strong encryption Capital costs 50% to 80% less than array or switch encryption Capital costs 50% to 90% less than software-based encryption on servers with high I/O workloads Optimized scalability and performance for server virtualization Hardware-assisted encryption Minimal impact on CPU performance Page 5 of /09

6 Support for secure virtual machine (VM) migration In-stack transparent security architecture No changes to the software stack above the EmulexSecure HBA drivers Protection for every adapter, switch and storage device in the network Open enterprise key management Support for KMIP standard API for integration with key management solutions Policy-based management allows key access to be managed by roles and applications Compliance-ready Facilitates defensible proof of encryption Safe transport and disposal of disks and tapes Page 6 of /09

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief RSA Encryption and Key Management Suite The threat of experiencing a data breach has never been greater. According to the Identity Theft Resource Center, since the beginning of 2008, the personal information

More information

Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules

Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules WHITE PAPER Thales e-security www.thalesesec.com/oracle TABLE OF CONTENT Introduction...3 Oracle Database 11g

More information

SecureD Technical Overview

SecureD Technical Overview WHITEPAPER: SecureD Technical Overview WHITEPAPER: SecureD Technical Overview CONTENTS section page 1 The Challenge to Protect Data at Rest 3 2 Hardware Data Encryption Provides Maximum Security 3 3 SecureD

More information

Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud

Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud 1 Contents The Obligation to Protect Patient Data in the Cloud................................................... Complying with the HIPAA

More information

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has

More information

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information

DELL POWERVAULT LIBRARY-MANAGED ENCRYPTION FOR TAPE. By Libby McTeer

DELL POWERVAULT LIBRARY-MANAGED ENCRYPTION FOR TAPE. By Libby McTeer DELL POWERVAULT LIBRARY-MANAGED ENCRYPTION FOR TAPE By Libby McTeer CONTENTS ABSTRACT 3 WHAT IS ENCRYPTION? 3 WHY SHOULD I USE ENCRYPTION? 3 ENCRYPTION METHOD OVERVIEW 4 LTO4 ENCRYPTION BASICS 5 ENCRYPTION

More information

Hitachi Virtual Storage Platform Family: Security Overview. By Hitachi Data Systems

Hitachi Virtual Storage Platform Family: Security Overview. By Hitachi Data Systems Hitachi Virtual Storage Platform Family: Security Overview By Hitachi Data Systems April 2015 Contents Executive Summary... 3 Hitachi Virtual Storage Platform G1000 Security Components... 4 Privileged

More information

ABC of Storage Security. M. Granata NetApp System Engineer

ABC of Storage Security. M. Granata NetApp System Engineer ABC of Storage Security M. Granata NetApp System Engineer Encryption Challenges Meet Regulatory Requirements No Performance Impact Ease of Installation Government and industry regulations mandate protection

More information

Leveraging Dedicated Servers and Dedicated Private Cloud for HIPAA Security and Compliance

Leveraging Dedicated Servers and Dedicated Private Cloud for HIPAA Security and Compliance ADVANCED INTERNET TECHNOLOGIES, INC. https://www.ait.com Leveraging Dedicated Servers and Dedicated Private Cloud for HIPAA Security and Compliance Table of Contents Introduction... 2 Encryption and Protection

More information

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such

More information

Best Practices Guide: Network Convergence with Emulex LP21000 CNA & VMware ESX Server

Best Practices Guide: Network Convergence with Emulex LP21000 CNA & VMware ESX Server Best Practices Guide: Network Convergence with Emulex LP21000 CNA & VMware ESX Server How to deploy Converged Networking with VMware ESX Server 3.5 Using Emulex FCoE Technology Table of Contents Introduction...

More information

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected

More information

Solutions for Encrypting Data on Tape: Considerations and Best Practices

Solutions for Encrypting Data on Tape: Considerations and Best Practices Solutions for Encrypting Data on Tape: Considerations and Best Practices NOTICE This white paper may contain proprietary information protected by copyright. Information in this white paper is subject to

More information

Cisco Storage Media Encryption for Disk and Tape

Cisco Storage Media Encryption for Disk and Tape Data Sheet Cisco Storage Media Encryption for Disk and Tape Product Overview Cisco Storage Media Encryption (SME) protects data at rest on heterogeneous tape drives, virtual tape libraries (VTLs), and

More information

Virtual Fibre Channel for Hyper-V

Virtual Fibre Channel for Hyper-V Virtual Fibre Channel for Hyper-V Virtual Fibre Channel for Hyper-V, a new technology available in Microsoft Windows Server 2012, allows direct access to Fibre Channel (FC) shared storage by multiple guest

More information

efolder White Paper: HIPAA Compliance

efolder White Paper: HIPAA Compliance efolder White Paper: HIPAA Compliance October 2014 Copyright 2014, efolder, Inc. Abstract This paper outlines how companies can use certain efolder services to facilitate HIPAA and HITECH compliance within

More information

Navigating Endpoint Encryption Technologies

Navigating Endpoint Encryption Technologies Navigating Endpoint Encryption Technologies Whitepaper November 2010 THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS

More information

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles

More information

PROTECTING DATA IN MULTI-TENANT CLOUDS

PROTECTING DATA IN MULTI-TENANT CLOUDS 1 Introduction Today's business environment requires organizations of all types to reduce costs and create flexible business processes to compete effectively in an ever-changing marketplace. The pace of

More information

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually

More information

PCI Data Security. Meeting the Challenges of PCI DSS Payment Card Security

PCI Data Security. Meeting the Challenges of PCI DSS Payment Card Security White Paper 0x8c1a3291 0x56de5791 0x450a0ad2 axd8c447ae 8820572 0x5f8a153d 0x19df c2fe97 0xd61b5228 0xf32 4856 0x3fe63453 0xa3bdff82 0x30e571cf 0x36e0045b 0xad22db6a 0x100daa87 0x48df 0x5ef8189b 0x255ba12

More information

Keep Your Data Secure: Fighting Back With Flash

Keep Your Data Secure: Fighting Back With Flash Keep Your Data Secure: Fighting Back With Flash CONTENTS: Executive Summary...1 Data Encryption: Ensuring Peace of Mind...2 Enhanced Encryption and Device Decommission in the Enterprise...3 Freeing Up

More information

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST Safeguarding Data Using Encryption Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST What is Cryptography? Cryptography: The discipline that embodies principles, means, and methods

More information

Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities

Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities WHITE PAPER: ENTERPRISE SECURITY Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities White Paper: Enterprise Security Symantec Backup Exec 11d for Windows Servers Contents Executive

More information

Self-Encrypting Hard Disk Drives in the Data Center

Self-Encrypting Hard Disk Drives in the Data Center Technology Paper Self-Encrypting Hard Disk Introduction At least 35 U.S. states now have data privacy laws that state if you encrypt data-at-rest, you don t have to report breaches of that data. U.S. Congressional

More information

Decrypting Enterprise Storage Security

Decrypting Enterprise Storage Security Industry Trends and Technology Perspective White Paper Trends and options for securing enterprise data and storage By Greg Schulz Founder and Senior Analyst, the StorageIO Group December 11 th, 2006 With

More information

HP iscsi storage for small and midsize businesses

HP iscsi storage for small and midsize businesses HP iscsi storage for small and midsize businesses IP SAN solution guide With data almost doubling in volume every year, businesses are discovering that they need to take a strategic approach to managing

More information

HBA Virtualization Technologies for Windows OS Environments

HBA Virtualization Technologies for Windows OS Environments HBA Virtualization Technologies for Windows OS Environments FC HBA Virtualization Keeping Pace with Virtualized Data Centers Executive Summary Today, Microsoft offers Virtual Server 2005 R2, a software

More information

An examination of information security issues, methods and securing data with LTO-4 tape drive encryption Introduction

An examination of information security issues, methods and securing data with LTO-4 tape drive encryption Introduction Silverton Consulting, Inc. StorInt Briefing An examination of information security issues, methods and securing data with LTO-4 tape drive encryption Introduction Each month many companies, big or small,

More information

Protecting Backup Media with AES Encryption

Protecting Backup Media with AES Encryption Abstract: Although most businesses scrupulously protect the personal customer information that they collect and store onsite, companies often do not consider the security issues involved when sending backup

More information

Frequently Asked Questions: EMC Isilon Data at Rest Encryption Solution

Frequently Asked Questions: EMC Isilon Data at Rest Encryption Solution 1 Frequently Asked Questions: EMC Isilon Data at Rest Encryption Solution Table of Contents What s New? Target Customers Customer Benefits Competitive Positioning Technical Sales Questions General Sales

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

EMC VMAX3 DATA AT REST ENCRYPTION

EMC VMAX3 DATA AT REST ENCRYPTION EMC VMAX3 DATA AT REST ENCRYPTION ABSTRACT In the interconnected world, data and intellectual property is the highest value currency which can be held by corporations. From recent newsworthy examples,

More information

I/O Virtualization Using Mellanox InfiniBand And Channel I/O Virtualization (CIOV) Technology

I/O Virtualization Using Mellanox InfiniBand And Channel I/O Virtualization (CIOV) Technology I/O Virtualization Using Mellanox InfiniBand And Channel I/O Virtualization (CIOV) Technology Reduce I/O cost and power by 40 50% Reduce I/O real estate needs in blade servers through consolidation Maintain

More information

Securing Data in the Cloud

Securing Data in the Cloud Securing Data in the Cloud Meeting the Challenges of Data Encryption and Key Management for Business-Critical Applications 1 Contents Protecting Data in the Cloud: Executive Summary.....................................................

More information

Cisco MDS 9000 Family Highlights: Storage Virtualization Series

Cisco MDS 9000 Family Highlights: Storage Virtualization Series Cisco MDS 9000 Family Highlights: Storage Virtualization Series Highlighted Feature: Cisco Data Mobility Manager Purpose The Cisco MDS 9000 Family Highlights series provides both business and technical

More information

Using BroadSAFE TM Technology 07/18/05

Using BroadSAFE TM Technology 07/18/05 Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security

More information

EMC PowerPath Family

EMC PowerPath Family DATA SHEET EMC PowerPath Family PowerPath Multipathing PowerPath Migration Enabler PowerPath Encryption with RSA The enabler for EMC host-based solutions The Big Picture Intelligent high-performance path

More information

SAN Conceptual and Design Basics

SAN Conceptual and Design Basics TECHNICAL NOTE VMware Infrastructure 3 SAN Conceptual and Design Basics VMware ESX Server can be used in conjunction with a SAN (storage area network), a specialized high speed network that connects computer

More information

How Our Cloud Backup Solution Protects Your Network

How Our Cloud Backup Solution Protects Your Network How Our Cloud Backup Solution Protects Your Network Cloud Backup for Healthcare Key Cloud Backup Features Protection for your Whole Network The 3 Levels of Backup Intelligence 2 Our backup solution powered

More information

Practical Storage Security With Key Management. Russ Fellows, Evaluator Group

Practical Storage Security With Key Management. Russ Fellows, Evaluator Group Practical Storage Security With Key Management Russ Fellows, Evaluator Group SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted. Member companies

More information

Securing data at rest white paper

Securing data at rest white paper Securing data at rest white paper An enterprise strategy for data encryption and key management Introduction: The data security imperative... 2 Enterprise data-at-rest security landscape today... 2 Challenges

More information

EMC Symmetrix Data at Rest Encryption

EMC Symmetrix Data at Rest Encryption Detailed Review Abstract This white paper provides a detailed description of EMC Symmetrix Data at Rest Encryption features and operations. March 2011 Copyright 2010, 2011 EMC Corporation. All rights reserved.

More information

RSA SecurID Two-factor Authentication

RSA SecurID Two-factor Authentication RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial

More information

Enterprise Data Protection

Enterprise Data Protection PGP White Paper June 2007 Enterprise Data Protection Version 1.0 PGP White Paper Enterprise Data Protection 2 Table of Contents EXECUTIVE SUMMARY...3 PROTECTING DATA EVERYWHERE IT GOES...4 THE EVOLUTION

More information

8Gb Delivers Enhanced Storage Area Network (SAN) Data Security

8Gb Delivers Enhanced Storage Area Network (SAN) Data Security W H I T E P a pe r Third party information brought to you courtesy of Dell. 8Gb Delivers Enhanced Storage Area Network (SAN) Data Security QLogic s Better 8Gb is Security Optimized Expanded Access Control

More information

ATA DRIVEN GLOBAL VISION CLOUD PLATFORM STRATEG N POWERFUL RELEVANT PERFORMANCE SOLUTION CLO IRTUAL BIG DATA SOLUTION ROI FLEXIBLE DATA DRIVEN V

ATA DRIVEN GLOBAL VISION CLOUD PLATFORM STRATEG N POWERFUL RELEVANT PERFORMANCE SOLUTION CLO IRTUAL BIG DATA SOLUTION ROI FLEXIBLE DATA DRIVEN V ATA DRIVEN GLOBAL VISION CLOUD PLATFORM STRATEG N POWERFUL RELEVANT PERFORMANCE SOLUTION CLO IRTUAL BIG DATA SOLUTION ROI FLEXIBLE DATA DRIVEN V WHITE PAPER 4 Ways to Weave Security and Storage Into 1

More information

Application Note. Introduction. Instructions

Application Note. Introduction. Instructions How to configure Emulex Fibre Channel HBAs with Hyper-V Virtual Fibre Channel on Microsoft Windows Server 2012 with a virtual machine running Microsoft Windows Server 2008 R2 x64 This application note

More information

Compliance and Industry Regulations

Compliance and Industry Regulations Compliance and Industry Regulations Table of Contents Introduction...1 Executive Summary...1 General Federal Regulations and Oversight Agencies...1 Agency or Industry Specific Regulations...2 Hierarchy

More information

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER With technology everywhere we look, the technical safeguards required by HIPAA are extremely important in ensuring that our information

More information

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February 2010 www.alvandsolutions.

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February 2010 www.alvandsolutions. Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH White Paper February 2010 www.alvandsolutions.com Overview Today s increasing security threats and regulatory

More information

Overcoming Security Challenges to Virtualize Internet-facing Applications

Overcoming Security Challenges to Virtualize Internet-facing Applications Intel IT IT Best Practices Cloud Security and Secure ization November 2011 Overcoming Security Challenges to ize Internet-facing Applications Executive Overview To enable virtualization of Internet-facing

More information

Alliance Key Manager Solution Brief

Alliance Key Manager Solution Brief Alliance Key Manager Solution Brief KEY MANAGEMENT Enterprise Encryption Key Management On the road to protecting sensitive data assets, data encryption remains one of the most difficult goals. A major

More information

Using VMWare VAAI for storage integration with Infortrend EonStor DS G7i

Using VMWare VAAI for storage integration with Infortrend EonStor DS G7i Using VMWare VAAI for storage integration with Infortrend EonStor DS G7i Application Note Abstract: This document describes how VMware s vsphere Storage APIs (VAAI) can be integrated and used for accelerating

More information

Encryption Key Management for Microsoft SQL Server 2008/2014

Encryption Key Management for Microsoft SQL Server 2008/2014 White Paper 0x8c1a3291 0x56de5791 0x450a0ad2 axd8c447ae 8820572 0x5f8a153d 0x19df c2fe97 0xd61b5228 0xf32 4856 0x3fe63453 0xa3bdff82 0x30e571cf 0x36e0045b 0xad22db6a 0x100daa87 0x48df 0x5ef8189b 0x255ba12

More information

Key Management Best Practices

Key Management Best Practices White Paper Key Management Best Practices Data encryption is a fundamental component of strategies to address security threats and satisfy regulatory mandates. While encryption is not in itself difficult

More information

BANKING SECURITY and COMPLIANCE

BANKING SECURITY and COMPLIANCE BANKING SECURITY and COMPLIANCE Cashing In On Banking Security and Compliance With awareness of data breaches at an all-time high, banking institutions are working hard to implement policies and solutions

More information

Solving I/O Bottlenecks to Enable Superior Cloud Efficiency

Solving I/O Bottlenecks to Enable Superior Cloud Efficiency WHITE PAPER Solving I/O Bottlenecks to Enable Superior Cloud Efficiency Overview...1 Mellanox I/O Virtualization Features and Benefits...2 Summary...6 Overview We already have 8 or even 16 cores on one

More information

White paper FUJITSU Storage ETERNUS DX series

White paper FUJITSU Storage ETERNUS DX series White paper End-to-end Data Protection Using Oracle Linux with the ETERNUS DX S3 series and Emulex HBA Greatly improving the reliability of the entire system Content Preface 2 1. Data Protection with T10

More information

Full Disk Encryption Drives & Management Software. The Ultimate Security Solution For Data At Rest

Full Disk Encryption Drives & Management Software. The Ultimate Security Solution For Data At Rest Full Disk Encryption Drives & Management Software The Ultimate Security Solution For Data At Rest Agenda Introduction Information Security Challenges Dell Simplifies Security Trusted Drive Technology Seagate

More information

Healthcare Compliance Solutions

Healthcare Compliance Solutions Healthcare Compliance Solutions Let Protected Trust be your Safe Harbor In the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the U.S. Department of Health and Human

More information

EMC Security for Microsoft Exchange Solution: Data Loss Prevention and Secure Access Management

EMC Security for Microsoft Exchange Solution: Data Loss Prevention and Secure Access Management EMC Security for Microsoft Exchange Solution: Data Loss Prevention and Applied Technology Abstract Securing a Microsoft Exchange e-mail environment presents a myriad of challenges and compliance issues

More information

Security Considerations

Security Considerations Concord Fax Security Considerations For over 15 years, Concord s enterprise fax solutions have helped many banks, healthcare professionals, pharmaceutical companies, and legal professionals securely deliver

More information

Data Protection Report 2008 Best Practices in Data Backup & Recovery

Data Protection Report 2008 Best Practices in Data Backup & Recovery Data Protection Report 2008 Best Practices in Data Backup & Recovery Prepared for: Executive Summary Data is growing at an incredible rate. As a result, the demands of data protection increase as well.

More information

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking SUMMARY The Payment Card Industry Data Security Standard (PCI DSS) defines 12 high-level security requirements directed

More information

Best Practices for Installing and Configuring the Hyper-V Role on the LSI CTS2600 Storage System for Windows 2008

Best Practices for Installing and Configuring the Hyper-V Role on the LSI CTS2600 Storage System for Windows 2008 Best Practices Best Practices for Installing and Configuring the Hyper-V Role on the LSI CTS2600 Storage System for Windows 2008 Installation and Configuration Guide 2010 LSI Corporation August 13, 2010

More information

A Look at the New Converged Data Center

A Look at the New Converged Data Center Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable

More information

End-to-end Data integrity Protection in Storage Systems

End-to-end Data integrity Protection in Storage Systems End-to-end Data integrity Protection in Storage Systems Issue V1.1 Date 2013-11-20 HUAWEI TECHNOLOGIES CO., LTD. 2013. All rights reserved. No part of this document may be reproduced or transmitted in

More information

SafeNet DataSecure vs. Native Oracle Encryption

SafeNet DataSecure vs. Native Oracle Encryption SafeNet vs. Native Encryption Executive Summary Given the vital records databases hold, these systems often represent one of the most critical areas of exposure for an enterprise. Consequently, as enterprises

More information

ACHIEVING HIPAA COMPLIANCE WITH POSTGRES PLUS CLOUD DATABASE

ACHIEVING HIPAA COMPLIANCE WITH POSTGRES PLUS CLOUD DATABASE ACHIEVING HIPAA COMPLIANCE WITH POSTGRES PLUS CLOUD DATABASE TABLE OF CONTENTS 03 04 04 05 08 INTRODUCTION FUNDAMENTALS OF HIPAA AND HITECH HIPAA-COMPLIANT DATA MANAGEMENT IN THE CLOUD POSTGRES PLUS CLOUD

More information

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows: What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers

More information

Virtualization of the MS Exchange Server Environment

Virtualization of the MS Exchange Server Environment MS Exchange Server Acceleration Maximizing Users in a Virtualized Environment with Flash-Powered Consolidation Allon Cohen, PhD OCZ Technology Group Introduction Microsoft (MS) Exchange Server is one of

More information

The Impact of HIPAA and HITECH

The Impact of HIPAA and HITECH The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients

More information

Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services

Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services Introduction Patient privacy has become a major topic of concern over the past several years. With the majority of

More information

New I/O Management Best Practices for Oracle Database Quality of Service

New I/O Management Best Practices for Oracle Database Quality of Service New I/O Management Best Practices for Oracle Database Quality of Service Optimizing performance, compliance, and cost for OLTP and OLAP workloads in traditional and virtualized environments At a Glance

More information

SecureAge SecureDs Data Breach Prevention Solution

SecureAge SecureDs Data Breach Prevention Solution SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal

More information

H Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments

H Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments H Y T RUST: S OLUTION B RIEF Solve the Nosy Neighbor Problem in Multi-Tenant Environments Summary A private cloud with multiple tenants such as business units of an enterprise or customers of a cloud service

More information

Applying Cryptography as a Service to Mobile Applications

Applying Cryptography as a Service to Mobile Applications Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography

More information

Why Use 16Gb Fibre Channel with Windows Server 2012 Deployments

Why Use 16Gb Fibre Channel with Windows Server 2012 Deployments W h i t e p a p e r Why Use 16Gb Fibre Channel with Windows Server 2012 Deployments Introduction Windows Server 2012 Hyper-V Storage Networking Microsoft s Windows Server 2012 platform is designed for

More information

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1 HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps

More information

With Eversync s cloud data tiering, the customer can tier data protection as follows:

With Eversync s cloud data tiering, the customer can tier data protection as follows: APPLICATION NOTE: CLOUD DATA TIERING Eversync has developed a hybrid model for cloud-based data protection in which all of the elements of data protection are tiered between an on-premise appliance (software

More information

An Integrated End-to-End Data Integrity Solution to Protect Against Silent Data Corruption

An Integrated End-to-End Data Integrity Solution to Protect Against Silent Data Corruption White Paper An Integrated End-to-End Data Integrity Solution to Protect Against Silent Data Corruption Abstract This white paper describes how T10 PI prevents silent data corruption, ensuring that incomplete

More information

P Managing the Lif owerpath Encr ecycl yption wi e of th RSA Encryption Keys with RSA Key anager

P Managing the Lif owerpath Encr ecycl yption wi e of th RSA Encryption Keys with RSA Key anager RSA Technology RSA Solution Solution Brief Brief PowerPath Managing Encryption the Lifecycle with of RSA The Encryption EMC Solution for Keys Securing with Data in Enterprise RSA Key Storage Manager RSA

More information

Microsoft SQL Server 2008 R2 Enterprise Edition and Microsoft SharePoint Server 2010

Microsoft SQL Server 2008 R2 Enterprise Edition and Microsoft SharePoint Server 2010 Microsoft SQL Server 2008 R2 Enterprise Edition and Microsoft SharePoint Server 2010 Better Together Writer: Bill Baer, Technical Product Manager, SharePoint Product Group Technical Reviewers: Steve Peschka,

More information

Alliance Key Manager Cloud HSM Frequently Asked Questions

Alliance Key Manager Cloud HSM Frequently Asked Questions Key Management Alliance Key Manager Cloud HSM Frequently Asked Questions FAQ INDEX This document contains a collection of the answers to the most common questions people ask about Alliance Key Manager

More information

Achieve Automated, End-to-End Firmware Management with Cisco UCS Manager

Achieve Automated, End-to-End Firmware Management with Cisco UCS Manager Achieve Automated, End-to-End Firmware Management with Cisco UCS Manager What You Will Learn This document describes the operational benefits and advantages of firmware provisioning with Cisco UCS Manager

More information

Cloud Security Case Study Amazon Web Services. Ugo Piazzalunga Technical Manager, IT Security ugo.piazzalunga@safenet-inc.com

Cloud Security Case Study Amazon Web Services. Ugo Piazzalunga Technical Manager, IT Security ugo.piazzalunga@safenet-inc.com Cloud Security Case Study Amazon Web Services Ugo Piazzalunga Technical Manager, IT Security ugo.piazzalunga@safenet-inc.com Agenda 1. Amazon Web Services challenge 2. Virtual Instances and Virtual Storage

More information

Preemptive security solutions for healthcare

Preemptive security solutions for healthcare Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Secured email Enterprise eprivacy Suite

Secured email Enterprise eprivacy Suite EMAIL SECURITY SOLUTIONS TECHNOLOGY REPORT Secured email Enterprise eprivacy Suite JANUARY 2007 www.westcoastlabs.org 2 EMAIL SECURITY SOLUTIONS TECHNOLOGY REPORT CONTENTS Secured email Enterprise eprivacy

More information

Windows Host Utilities 6.0.2 Installation and Setup Guide

Windows Host Utilities 6.0.2 Installation and Setup Guide Windows Host Utilities 6.0.2 Installation and Setup Guide NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S.A. Telephone: +1 (408) 822-6000 Fax: +1 (408) 822-4501 Support telephone: +1 (888) 463-8277

More information

Projectplace: A Secure Project Collaboration Solution

Projectplace: A Secure Project Collaboration Solution Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the

More information

Perceptions about Self-Encrypting Drives: A Study of IT Practitioners

Perceptions about Self-Encrypting Drives: A Study of IT Practitioners Perceptions about Self-Encrypting Drives: A Study of IT Practitioners Executive Summary Sponsored by Trusted Computing Group Independently conducted by Ponemon Institute LLC Publication Date: April 2011

More information

Keep Your Data Secure in the Cloud Using encryption to ensure your online data is protected from compromise

Keep Your Data Secure in the Cloud Using encryption to ensure your online data is protected from compromise Protection as a Priority TM Keep Your Data Secure in the Cloud to ensure your online data is protected from compromise Abstract The headlines have been dominated lately with massive data breaches exposing

More information

Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV. Nadav Elkabets Presale Consultant

Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV. Nadav Elkabets Presale Consultant Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV Nadav Elkabets Presale Consultant Protecting Your Data Encrypt Your Data 1 ProtectFile StorageSecure ProtectDB ProtectV Databases File

More information

Cisco Data Center 3.0 Roadmap for Data Center Infrastructure Transformation

Cisco Data Center 3.0 Roadmap for Data Center Infrastructure Transformation Cisco Data Center 3.0 Roadmap for Data Center Infrastructure Transformation Cisco Nexus Family Provides a Granular, Cost-Effective Path for Data Center Evolution What You Will Learn As businesses move

More information