Frequently Asked Questions: EMC Isilon Data at Rest Encryption Solution




Table of Contents

- What's New?
- Target Customers
- Customer Benefits
- Competitive Positioning
- Technical Sales Questions
- General Sales Questions

What's New?

What is being announced?

The EMC Isilon Data at Rest Encryption (DARE) solution now includes support for all currently shipping Isilon platforms and provides encryption across today's Isilon portfolio. The Isilon DARE solution utilizes Self-Encrypting Drives (SEDs) to provide secure data protection for sensitive file-based, unstructured data. Isilon's DARE solution offers enterprise customers enhanced data security that allows them to meet rigorous compliance and governance requirements without sacrificing application or workload performance. The Isilon DARE solution combines advanced data security with the many other benefits of Isilon scale-out storage including simplicity, massive scalability and unmatched efficiency.

What are the key components of the Isilon DARE solution?

The Isilon DARE solution consists of a cluster of Isilon nodes that are fully populated with Self-Encrypting Drives (SEDs), which perform encryption and decryption of data within each drive. This solution is available for Isilon X200, X400, and NL400 nodes running the Isilon OneFS 7.1 (or later) operating system and for Isilon S210 and X410 nodes running the Isilon OneFS 7.1.1 (or later) operating system. The solution requires the cluster to consist entirely of encrypted Isilon nodes fully populated with SEDs.

The Isilon DARE solution uses 256-bit AES encryption keys, the algorithm and key strength recommended by the National Institute of Standards and Technology (NIST) and adopted worldwide as the de facto encryption standard. SEDs used in the Data at Rest Encryption (DARE) solution also provide protection against physical attacks on sensitive data.

Target Customers

What type of customers are good candidates for the Isilon DARE solution?

The Isilon Data at Rest Encryption solution is ideal for enterprises managing large-scale, file-based, unstructured data that requires rigorous data security to protect sensitive information and meet stringent compliance and governance requirements, including:

- Large-scale NAS file environments with robust data security requirements: Windows, Linux, and UNIX environments with more than 50 TB of file data storage that requires data encryption security
- Financial Services: Companies facing Sarbanes-Oxley and PCI compliance requirements
- Healthcare Providers: Healthcare providers that need to meet HIPAA compliance regulations for such data as PACS images and other sensitive information
- Federal and State Government Agencies: Governmental agencies needing secure, encrypted data storage solutions that protect sensitive data and that are certified to meet a wide range of regulatory requirements including the Federal Information Security Management Act (FISMA)

Customer Benefits

What is the value proposition for the Isilon DARE solution?

The Isilon Data at Rest Encryption (DARE) solution allows organizations to meet stringent regulatory and compliance requirements and protect sensitive information without sacrificing application or workload performance. The Isilon DARE solution combines advanced data security with the many other benefits of Isilon scale-out storage including simplicity, massive scalability and unmatched efficiency.

What are the key benefits that the Isilon DARE solution will deliver?

The Isilon Data at Rest Encryption solution provides the following benefits:

- Protects against accidental or malicious loss, including drive theft, by keeping data encrypted on drives
- Enables data to be securely erased before drives are repurposed or retired by shredding encryption keys. Cryptographic erasure (e.g. shred keys) to wipe data can be done in a matter of seconds
- Allows customers to return failed drives to the vendor, even if drives contain sensitive data (vendors have no access to authentication keys and cannot access user data)

The self-encrypting drives (SEDs) used with the Isilon DARE solution are FIPS 140-2 Level 2 validated and are certified for U.S. government use. They also utilize AES-256 encryption with negligible performance degradation (1%). Data encryption keys used by the SEDs never leave the drives and are automatically managed within the Isilon cluster with OneFS 7.1 and 7.1.1.

The Isilon DARE solution allows organizations to address important data security, regulatory, compliance and governance requirements including:

- Federal Information Security Management Act (FISMA)
- Financial Services Payment Card Industry standards (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
- Sarbanes-Oxley

Competitive Positioning

How will Isilon's DARE solution further differentiate Isilon Scale-Out NAS solutions from the competition?

EMC Isilon is the only scale-out NAS platform that offers a Data at Rest Encryption solution option for enterprise customers. Along with its DARE solution, Isilon also offers File System Audit compliance and SEC 17a-4 compliant WORM data protection. With these capabilities, Isilon offers the most robust security and compliance options available on a scale-out NAS platform.

Isilon Security Capabilities Compared to the Competition

| Capabilities | EMC Isilon DARE Solution | NetApp C-Mode 8.2 | IBM SONAS | HP StoreAll IBRIX | HDS HNAS |
|---|---|---|---|---|---|
| Data Encryption at Rest | Yes | No | No | No | No |
| Support for Audit Applications | Yes | Yes | No | Yes | No |
| WORM / SEC 17a-4 | Yes | No | No | Yes- WORM No- | Yes- WORM No- |

Technical Sales Questions

How is encryption being offered for the existing EMC Isilon product line?

The Isilon platform supports encrypted clusters by utilizing self-encrypting drives (SEDs) to bring data at rest encryption (DARE) to the product line.

What platforms support encrypted clusters?

Today, encryption solutions with SEDs are generally available for Isilon S210, X200, X400, X410 and NL400 nodes.

What SED drive capacities are now available?

Drive capacities and supported platforms are shown in the table below:

| Platform | 3 TB HDD | 4 TB HDD | 900 GB HDD | 800 GB SSD |
|---|---|---|---|---|
| Isilon S210 | No | No | Yes | Yes |
| Isilon X200 | Yes | No | No | Yes |
| Isilon X400 | Yes | Yes | No | Yes |
| Isilon X410 | Yes | Yes | No | Yes |
| Isilon NL400 | Yes | Yes | No | Yes |

Is there a minimum Isilon OneFS version required to support encrypted clusters?

Yes. Encrypted clusters with Isilon X200, X400 and NL400 nodes must be running OneFS 7.1 or later for the system to recognize the SEDs. The newer Isilon X410 and S210 nodes require OneFS 7.1.1 or later.

Can you mix encrypting and non-encrypting drives within the same Isilon node?

No. Encrypting and non-encrypting drives cannot be mixed within a node. The entire node must be all encrypting or all non-encrypting drives.

Can you mix encrypted and non-encrypted nodes within the same Isilon cluster?

No. The entire cluster must consist of encrypted or unencrypted nodes. The only exception is during migration of a non-encrypted cluster to an encrypted cluster.

Can SSDs be included in encrypted nodes for metadata caching or other SSD functions?

Yes, by using the 800 GB SED SSD.

How does the encryption work in the Isilon DARE solution?

Each Self-Encrypting Drive (SED) in the Isilon DARE solution has a unique data encryption key (DEK) used to encrypt and decrypt data as it is written to and read from the disk. Isilon OneFS 7.1.1 automatically generates an authentication key (AK) that is used to wrap the DEK, preventing unauthorized access to the data. A drive removed from its source node cannot decrypt the data it holds, because the AK is needed to unlock the drive.

What key strengths and encryption algorithms are supported?

The drives support AES-256 bit strength keys for data encryption.

How do I migrate my customer to an encrypted cluster solution?

Migration is offered as an EMC Professional Services engagement. Generally, you can migrate an existing cluster in place by adding encrypted nodes, using Isilon SmartPools to move data to the new encrypted nodes, and then using SmartFail to take out the unencrypted nodes. Repeat this process until all unencrypted nodes have been replaced.

How is key management accomplished with the Isilon DARE solution?

Isilon OneFS 7.1.1 uses an internal key manager that stores authentication keys (AKs) securely in an encrypted database replicated across both compact flash drives on each node. The data encryption keys on each drive do not leave the FIPS boundary on the drive itself. Each drive is given a unique AK that is automatically deleted when the drive is removed. Newly inserted drives are automatically assigned a new AK without requiring administrator intervention.

Does this solution support Key Management Interoperability Protocol (KMIP)?

Not currently; however, this capability is on the roadmap for a future release of OneFS.

Which use cases do these encrypting drives address?

Isilon encrypted clusters protect sensitive information against single or multiple drive theft. Our solution also protects sensitive information when SED drives fail and need to be returned for service purposes.

What validations does this solution have?

The SEDs used in our solution are FIPS 140-2 Level 2 validated. This level of validation satisfies the majority of Federal requirements for cryptographic validation.

How can we prove that our SED implementation is FIPS validated?

You can point customers to the following FIPS certificates for each SED drive we support:

- 800GB SSD SED: http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2014.htm#2089
- 900GB SAS SED: http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140val-all.htm#1905
- 3TB SATA (NL-SAS) SED: http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140valall.htm#1635
- 4TB SATA (NL-SAS) SED: http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140valall.htm#1635

This list will grow as we add new SED drive capacities.

Which regulatory and compliance requirements are met with this solution?

Isilon encrypted clusters can satisfy PCI-DSS v2.0 section 3.4, HIPAA PHI Privacy Rule and Security Rules, California Senate Bill 1386 and California Assembly Bill 1950, and other equivalent state bills.

General Sales Questions

When will Isilon's Data at Rest Encryption solution be generally available to Isilon and EMC Core Sales?

Isilon S210, X200, X400, X410, and NL400 nodes with Self-Encrypting Drives are now generally available. These products now appear in the Isilon configuration tool. These nodes are available through Isilon, Isilon channel partners, EMC Core Sales, and Unified specialists. To contact your local Isilon sales team, send an email to CLOUD@CDILLC.com
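
The key hierarchy described under "How does the encryption work in the Isilon DARE solution?" and "How is key management accomplished with the Isilon DARE solution?", together with the cryptographic erasure benefit, can be modelled in a few lines. This is an added example, not EMC's code or part of the original FAQ: the `Drive` class and `demo` function are hypothetical, and a SHAKE-256 keystream with an HMAC tag stands in for the drive's hardware AES-256 and key wrap.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, data):
    """Stand-in cipher (SHAKE-256 keystream XOR); real SEDs use AES-256 in hardware."""
    pad = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

class Drive:
    """Hypothetical SED model: the DEK is in the clear only while unlocked."""
    def __init__(self, ak):
        self.media = {}                      # LBA -> ciphertext, what sits at rest
        self.rekey(ak)

    def rekey(self, ak):                     # fresh DEK made inside the drive
        nonce = secrets.token_bytes(16)
        wrapped = _stream(ak, nonce, secrets.token_bytes(32))
        tag = hmac.new(ak, nonce + wrapped, hashlib.sha256).digest()
        self._blob, self._dek = (nonce, wrapped, tag), None

    def unlock(self, ak):                    # a wrong AK leaves the drive locked
        nonce, wrapped, tag = self._blob
        good = hmac.new(ak, nonce + wrapped, hashlib.sha256).digest()
        ok = hmac.compare_digest(tag, good)
        self._dek = _stream(ak, nonce, wrapped) if ok else None
        return ok

    def _io(self, lba, data):                # XOR stream: same call both directions
        if self._dek is None:
            raise PermissionError("drive is locked")
        return _stream(self._dek, lba.to_bytes(8, "big"), data)

    def write(self, lba, data):
        self.media[lba] = self._io(lba, data)

    def read(self, lba):
        return self._io(lba, self.media[lba])

def demo():
    ak = secrets.token_bytes(32)             # AK lives in the node's key manager
    d = Drive(ak)
    d.unlock(ak)
    d.write(7, b"patient record 0042")       # constructed sample data
    ok = d.read(7) == b"patient record 0042"
    thief = d.unlock(secrets.token_bytes(32))   # pulled drive, no AK available
    leaked = b"patient" in d.media[7]
    d.rekey(ak)                              # cryptographic erase: DEK shredded
    d.unlock(ak)
    gone = d.read(7) != b"patient record 0042"
    return {"roundtrip": ok, "thief_unlocked": thief, "leaked": leaked, "erased": gone}
```

After `rekey`, the correct AK still unlocks the drive, but the old ciphertext no longer decrypts to the original data, which is why shredding a 32-byte key takes seconds regardless of drive capacity.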