As an IT organization, how confident are you that your organization’s data is secure and protected? From a protection perspective, it’s generally
expected to have RAID protection, redundant copies and backups, disaster recovery plans, etc. All essential good practices. But how secure are you from unauthorized access to data? Even when the data is at rest and believed to be secured within your trusted enterprise storage system?
It’s becoming an increasingly important topic as infrastructure teams look at their security requirements across the lifecycle of their storage systems. Operational and process questions related to security are starting to come up. What happens to the data when a drive is replaced? What happens when data is migrated and a system is repurposed? What happens at the time of a refresh when a system is decommissioned? And what is being done to prevent potential security breaches, such as if a drive is accidently lost, or even worse stolen?
Because of these growing concerns, many organizations are looking at how their security requirements are changing. Some of these changes are being mandated by government and industry regulations. Many are also the result of internal mandates being driven by the security teams. Data at rest encryption is now playing an increasingly important part of an overall storage strategy. It’s expected that within the next few years, most, if not all data at rest will be encrypted. This is why every user we talk with considers encryption to be a “check the box” required feature for storage going forward.
VMAX D@RE – How does it Work?
VMAX provides secured array based data at rest encryption via “D@RE”. VMAX D@RE encrypts all user data on the array at the drive level. Every drive has its own unique encryption key and all drives within the VMAX are encrypted, including vault drives. If drives are removed from the array (ie drive sparing), their keys are instantly destroyed as part of the replacement process. If an array is retired the admin can permanently delete all copies of keys on that array making the data indecipherable and help address requirements around secure erasure of the system.
VMAX D@RE – Why’s It Different?
VMAX Array based encryption has three key advantages over other encryption alternatives.
No compromise: D@RE preserves all data services, including replication and more importantly, compression. Alternatives that encrypt at the array level then compress at the drive level cannot combine the two capabilities. It’s because encrypted data does not compress (since it’s all unique) forcing users to compromise functionality and choose one or the other, but not both.
Performance: D@RE is faster than host or app based encryption without the use of hardware based accelerators. Since D@RE is hardware based at the array level, there is zero performance impact to the app, server or storage. In addition, data erasures are instant, since only the encryption keys need to be deleted to make the data inaccessible. That’s a key advantage, especially when an entire system, with 100’s of TB’s of data, is being replaced.
No fail destruction: And finally, it works even on badly failed drives. That’s important because when your drive fails, it can fail badly enough that it can’t be overwritten to remove private information. With drive level encryption, even though the failed drive might be “unreadable”, not being able to destroy the data securely still violates many security processes. With D@RE, you can simply destroy the key from all locations and you’ve crypto-shredded or effectively made the data on the drive unreadable.
VMAX D@RE – Why is it Important?
VMAX D@RE provides best in class technology to address security requirements for data at rest without compromise. It supports use cases such as
drive replacements, array replacements, and encryption key life cycle management, and more importantly helps the storage and security teams sleep better at night. All this without compromising functionality, impacting performance or adding complexity.
Technologies like VMAX D@RE provide a critical building block for building a secure, modernized data center. As part of a Modern Data Center, it helps organizations drive better efficiency, gain more business agility and lay the foundation for new applications and analytics tools that will enable companies to compete in the modern digital economy.