What do you think when you hear the words, “data security”? A number of ideas may come to mind depending on your background, profession, or how closely you have been following the recent news of data breaches. Often, the same is true when organizations try to tackle the challenge of securing data. They know it’s an issue, but how best to address it? Where should they start? Many organizations fall into the trap of thinking their perimeter security is enough. If they can just keep the threats out of their networks, they will be safe. However, that is not the case. It’s not that those security solutions are not important; in fact, they are crucial. It’s that the threats are continually evolving — and the individuals behind the threats are finding new ways to break in.
We must start treating data with the same rigor as the perimeter, to ensure the right types of security are in place. Data has become the new perimeter. Taking a layered approach to securing data increases the chance that in the event of breach, the data will remain secure. How do we do this? We must make sure the data is encrypted and that the encryption keys are secured, so even if the data is stolen, it is unusable.
One of the many ways Dell Technologies is aiming to help our customers with these security challenges is by providing infrastructure solutions that are cyber-resilient by design. We realize our customers are going to be running their sensitive data on our platforms, so we need to provide them with the tools necessary to secure that data. Here we are going to explore just one of those ways we help customers achieve data security within their server infrastructure.
In a global marketplace, the physical location of data can spread far and wide, leading to increased vulnerabilities. Gone are the days of organizations operating a single, tightly secured data center where access is limited and server hardware physical security is well assured. Data center admins are tasked with fast response times, disaster recovery plans, and regulatory requirements that mandate onshore private data storage. To accomplish this, most organizations follow the multiple data center architecture approach. This conventional approach carries risk.
Data-at-rest encryption is one of the key security considerations to keep data safe on the disks using self-encrypting drives (SEDs). Data-at-rest encryption offers instant, transparent encryption of data on servers and dedicated storage. The default protection strategy for the data on the SEDs is to use on-board key management software which grants authorized users access to the keys needed to decrypt and unlock the data stored on the SED. However, this strategy has limitations. If a malicious user walks out of the data center with this server, they could potentially locate the keys and access the encrypted data. Additionally, it can leave you exposed to insider threats, where an employee who has access to the server could locate the key and steal the data.
To address this security hole, a new feature – Secure Enterprise Key Management (SEKM) was introduced. Utilizing SEKM, the keys are generated, managed, and stored on an external server away from the data that is stored on the SEDs. SEKM is then coupled with industry-leading data security solution Thales’ CipherTrust Manager through the industry standard Key Management Interoperability Protocol or KMIP. Since the CipherTrust Manager is external, the keys have the highest possible availability, so their power to enhance data security can be leveraged across many systems, thereby achieving true scalability that extends the value of the key management components. Leveraging the key management deployment across the organization also simplifies policy management and regulatory compliance audits.
In addition, CipherTrust Manager is external. The keys have the highest possible availability, so their power to enhance data security can be leveraged across many systems. This provides true scalability that extends the value of the key management platform. Leveraging the key management deployment across the organization also simplifies policy management and regulatory compliance audits. If you need to meet higher FIPS levels, including Thales Luna HSMs adds the strongest possible root-of-trust, high entropy of the generated keys, and a FIPS 140-2 Level 3 certified hardware vault to hold these critical private keys.
Developing the right data security strategy can be daunting and complex, but with the expertise of our sales teams, we can help to simplify data security and accelerate your time to compliance and to achieve multi-cloud security. With Dell EMC’s cyber-resilient by design PowerEdge servers and Thales CipherTrust Data Security Manager, we can help you develop a more comprehensive strategy to secure your data. If you are ready to get started, contact your Dell Sales team.