SlideShare una empresa de Scribd logo

EMC Symmetrix Data at Rest Encryption - Detailed Review

E
EMC

This white paper provides a detailed description of EMC Symmetrix Data at Rest Encryption features and operations.

Tecnología
1 de 9
Descargar para leer sin conexión
EMC Symmetrix Data at Rest Encryption Detailed Review Abstract This white paper provides a detailed description of EMC® Symmetrix® Data at Rest Encryption features and operations. March 2011
Copyright © 2010, 2011 EMC Corporation. All rights reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. All other trademarks used herein are the property of their respective owners. Part Number h8073.1 EMC Symmetrix Data at Rest Encryption Detailed Review 2
Table of Contents Executive summary .............................................................................................. 4 Audience ..................................................................................................................................... 4 Terminology ................................................................................................................................ 4 Data at Rest Encryption........................................................................................ 5 Key management ........................................................................................................................ 7 RSA Embedded Key Manager components......................................................................... 7 DEK protection ..................................................................................................................... 7 Data integrity ........................................................................................................................ 7 Operational examples ................................................................................................................. 8 Installation of a Symmetrix system....................................................................................... 8 Replacement of a drive ........................................................................................................ 8 Decommissioning of a Symmetrix system............................................................................ 9 Data at Rest Encryption options ................................................................................................. 9 Conclusion .................................................................................................................................. 9 EMC Symmetrix Data at Rest Encryption Detailed Review 3
Executive summary Securing sensitive data is one of the greatest challenges faced by many enterprises. Increasing regulatory and legislative demands and the constantly changing threat landscape have brought data security to the forefront of IT issues. Several of the most important data security threats are related to protection of the storage environment. Drive loss and theft are primary risk factors. EMC® Symmetrix® Data at Rest Encryption protects data confidentiality by adding back-end encryption to the entire array. Audience The audience for this white paper includes: ● Customers, including IT planners, storage architects, and administrators involved in evaluating, acquiring, managing, operating, or designing security for an EMC networked storage environment. ● EMC staff and partners, for guidance and development of proposals. Terminology Table 1. Symmetrix system terms Term Definition Enginuity EMC Symmetrix systems run the Enginuity™ operating environment. Symmetrix Audit Logs An immutable (not changeable) audit log that tracks security events on a Symmetrix system. The audit log allows administrators to identify any breaches in the system and prove compliance with data protection policies. Symmetrix Service Processor A component that monitors the system environment, provides remote notification and remote support capabilities, and allows EMC personnel to access the system locally or remotely. SymmWin Application A graphics-based tool for configuring and monitoring a Symmetrix system. Table 2. Encryption terms Term Definition XTS-AES Algorithm An XEX-based Tweaked Codebook (TCB) mode with Cipher Text Stealing (CTS) disk encryption used for the encryption of sector-based storage devices. Data Encryption Key Uses key algorithms to encrypt and decrypt data and apply confidentiality protection to (DEK) information. Key Encryption Key Keeps DEKs secure during storage and transmission. The approved technique to protect (KEK) DEKs is to use KEKs along with the AES Key Wrap algorithm. Key Tag A value that is permanently attached to an encryption key. Key tag verification in controller-based encryption guarantees reliable encryption without any potential loss or corruption of data. EMC Symmetrix Data at Rest Encryption Detailed Review 4
Data at Rest Encryption Data at Rest Encryption provides hardware-based, on-array, back-end encryption for Symmetrix systems. Back-end encryption protects your information from unauthorized access when drives are removed from the system. Data at Rest Encryption provides encryption on the back end using Fibre Channel I/O modules that incorporate XTS-AES 256-bit data-at-rest encryption. These modules encrypt and decrypt data as it is being written to or read from a drive. All configured drives are encrypted, including data drives, spares, and drives with no provisioned volumes. In addition, all array data is encrypted, including Symmetrix File System and PowerVault contents. Data at Rest Encryption incorporates RSA® Embedded Key Manager for key management. With Data at Rest Encryption, keys are self-managed, and there is no need to replicate keys across volume snapshots or remote sites. RSA Embedded Key Manager provides a separate, unique DEK for each drive in the array, including spare drives. By securing data on enterprise storage, Data at Rest Encryption ensures that the potential exposure of sensitive data on discarded, misplaced, or stolen media is reduced or eliminated. As long as the key used to encrypt the data is secured, encrypted data cannot be read. In addition to protecting against threats related to physical removal of media, this also means that media can readily be repurposed by destroying the encryption key used for securing the data previously stored on that media. Data at Rest Encryption is compatible with all Symmetrix system features, allows for encryption of any supported local drive types or volume emulations, and delivers powerful encryption without performance degradation or disruption to existing applications or infrastructure. EMC Symmetrix Data at Rest Encryption Detailed Review 5
The following illustration shows a high-level overview of the Data at Rest Encryption architecture: Host EMC host software SAN IP Director Director RSA Key Manager Client IO IO IO IO module module module module RSA Embedded Key Manager Server Unencrypted data Service Processor Encrypted data Management traffic Unique key for each physical disk ICO-IMG-000849 Figure 1. Data at Rest Encryption architecture EMC Symmetrix Data at Rest Encryption Detailed Review 6
Key management Because encryption offers protection for the data itself, rather than for a device or a host, it is a powerful tool for enforcing your security policies. However, the data security provided by encryption is only as good as the generation, protection, and management of the keys used in the encryption process. Encryption keys must be available when they are needed, but at the same time access to keys must be tightly controlled. The keys themselves, as well as the information required to enable the use of the key during decryption activities, must be preserved for the lifetime of the data. This is especially important for enterprise storage environments where encrypted data is kept for many years. Because of the critical importance of key management in encryption solutions, Data at Rest Encryption was designed to be integrated with RSA Embedded Key Manager. RSA Embedded Key Manager provides enterprise key management for a broad range of encryption environments, establishing a pervasive and secure infrastructure for this essential component of data security. All key generation, distribution, and management capabilities required for Data at Rest Encryption are provided by RSA Embedded Key Manager, according to the best practices defined by industry standards such as NIST 800-57 and ISO 11770. The accessibility of encryption keys is a critical factor in high availability. Data at Rest Encryption addresses this by caching the keys locally so that the need to connect to RSA Embedded Key Manager is limited to maintenance operations such as the initial installation of the Symmetrix system, the replacement of a drive, or drive upgrades. Key management events such as key creation, key deletion, and Key Manager recovery are reported in the Symmetrix Audit Log. RSA Embedded Key Manager components Data at Rest Encryption utilizes the following RSA software, which is compiled into the SymmWin application on the Symmetrix Service Processor: ● RSA Embedded Key Manager Server — an embedded version of RSA Key Manager Enterprise Server, which provides encryption key management capabilities such as secure key generation, storage, distribution, and audit. ● RSA Key Manager client — handles communication with the RSA Embedded Key Manager Server. ● RSA BSAFE® cryptographic libraries — provide foundational security functionality for RSA Embedded Key Manager Server and the RSA Key Manager client. ● RSA Lockbox — a hardware-and software-specific encrypted repository that securely stores passwords and other sensitive key manager configuration information. DEK protection The following features ensure the protection of the DEKs: ● The RSA Embedded Key Manager Server repository is encrypted with 256-bit AES using an RSA-generated random password, which is saved in the RSA Lockbox. ● All persistent key storage locations either contain wrapped or encrypted keys, or unwrapped keys that are protected from access by hardware. DEKs are wrapped by encrypting the key data using a standard AES keywrap operation that utilizes a KEK that is unique to each array. ● There are no backdoor keys or passwords to bypass security. Data integrity The following features allow Data at Rest Encryption to ensure that the correct key is used with the correct drive: ● DEKs stored in the RSA Embedded Key Manager include a unique key tag along with the key metadata, which is included with the key material while wrapping (encrypting) the DEK for use in the array. EMC Symmetrix Data at Rest Encryption Detailed Review 7
● During encryption I/O, the expected key tag associated with the drive is separately supplied along with the wrapped key. ● During key unwrap (prior to starting an I/O) the encryption hardware checks that the key unwrapped properly and that it matches the supplied key tag. ● Arrays with data encryption enabled have a special Physical Information Block (PHIB) located in reserved space at the beginning of each drive. Before the drive is made available for normal I/O operation, the PHIB contents are used to validate that the key used to encrypt the drive data matches the key in use by the array. ● To prevent silent data corruption due to encryption hardware datapath failures, the hardware performs self-tests during initialization to ensure that the encryption/decryption logic is intact. Operational examples This section describes how Data at Rest Encryption works during several common operations. Installation of a Symmetrix system When an EMC Customer Engineer installs a Symmetrix system: 1. The EMC Customer Engineer enables Data at Rest Encryption by setting the DARE flag in the initial configuration file for the Symmetrix system. 2. The Symmetrix system installation script automatically installs the RSA software on the Service Processor during the installation process. 3. The RSA Embedded Key Manager Server generates DEKs for each drive in the array and a KEK that is unique to the array. 4. Enginuity generates Symmetrix Audit Logs for every key generation event. 5. The RSA Embedded Key Manager Server encrypts the keys and stores them in the local key repository file as non-volatile copies. 6. The RSA Embedded Key Manager Server wraps each DEK with the KEK, and Enginuity stores all of the keys on the array as encrypted, persistent backup copies. The KEK is programmed into write-only, non-volatile memory in the encryption hardware, which cannot be retrieved back from the hardware. 7. Enginuity initializes volumes using the DEKs and writes any incoming host data to the drives as encrypted data. Replacement of a drive When a customer or EMC Customer Engineer removes a drive from an array: 1. The RSA Embedded Key Manager Server securely deletes the key associated with the removed drive from the key repository on the Service Processor. 2. After the customer or EMC Customer Engineer installs the new drive and Enginuity verifies that it is working, the RSA Embedded Key Manager Server generates a new DEK for the drive and wraps the DEK using the KEK. 3. Enginuity generates Symmetrix Audit Log entries for the deletion of the old DEK and the creation of the new DEK. 4. Enginuity caches the new DEK, which replaces the previous drive's DEK. 5. Enginuity validates the contents of the drive and rebuilds the data using the new DEK. EMC Symmetrix Data at Rest Encryption Detailed Review 8
Decommissioning of a Symmetrix system When an EMC Customer Engineer decommissions a Symmetrix system: 1. The RSA Embedded Key Manager Server securely deletes all persistent copies of the keys in the key repository. 2. Enginuity zeroizes the cached keys stored within the array. The Symmetrix Audit Log becomes irretrievable from the array due to the key destruction. 3. A certificate file detailing the status of the keys involved in the array decommissioning operation is produced. Data at Rest Encryption options The following options apply to Data at Rest Encryption: ● Data at Rest Encryption is an install-time option only. If Data at Rest Encryption is not enabled during installation, it cannot be enabled at a later time. Conversely, if Data at Rest Encryption is enabled during installation, it cannot be disabled. ● All disk groups are encrypted. Mixing encrypted and unencrypted data within the array is not supported. Conclusion Data at Rest Encryption is an easy-to-use, minimal-maintenance solution for data-at-rest encryption. Data at Rest Encryption keeps information safe from drive theft or loss by providing back-end encryption for the entire array. By utilizing RSA Embedded Key Manager, Data at Rest Encryption is able to self-manage encryption keys, so manual key management is not required. The following table describes the capabilities and benefits of Data at Rest Encryption as compared to other data-at-rest security products on the market: Table 3. Competitive comparison Capability/Benefit EMC Hitachi/HP IBM Storage physical protection Yes Yes Yes Drive segregation Yes: one key per drive. Limited: one key per parity Yes: one key per drive. group with a maximum of 32 keys per array. Multi-layered protection and Yes: redundant internal No: requires manual key No: arrays require access to availability key backup. backup management. one of multiple Tivoli Key Lifecycle Manager servers to boot successfully. Operates without manual Yes No No key management by users Compatible with all array Yes Yes No: FDE is only available on capabilities FC drives and eliminates the use of Easy Tier. EMC Symmetrix Data at Rest Encryption Detailed Review 9

Recomendados

Implementing ISO 27001 In A Cost Effective Way
Implementing ISO 27001 In A Cost Effective WayImplementing ISO 27001 In A Cost Effective Way
Implementing ISO 27001 In A Cost Effective WayCertification Europe
 
Windows 7 security enhancements
Windows 7 security enhancementsWindows 7 security enhancements
Windows 7 security enhancementsNarenda Wicaksono
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Mukesh Chinta
 
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...christopherfairbairn
 
Reducing Cost and Complexity with Industrial System Consolidation
Reducing Cost and Complexity with Industrial System ConsolidationReducing Cost and Complexity with Industrial System Consolidation
Reducing Cost and Complexity with Industrial System ConsolidationIntel IoT
 
EMC Storage for Physical Security EMC VNX, VNXe, and Isilon, and Genetec Secu...
EMC Storage for Physical Security EMC VNX, VNXe, and Isilon, and Genetec Secu...EMC Storage for Physical Security EMC VNX, VNXe, and Isilon, and Genetec Secu...
EMC Storage for Physical Security EMC VNX, VNXe, and Isilon, and Genetec Secu...EMC
 
ISACA National Capital Area Chapter (NCAC) in Washington, DC - Ulf Mattsson
ISACA National Capital Area Chapter (NCAC) in Washington, DC - Ulf MattssonISACA National Capital Area Chapter (NCAC) in Washington, DC - Ulf Mattsson
ISACA National Capital Area Chapter (NCAC) in Washington, DC - Ulf MattssonUlf Mattsson
 
3 Telecom+Network Part2
3 Telecom+Network Part23 Telecom+Network Part2
3 Telecom+Network Part2Alfred Ouyang
 

Recomendados

Implementing ISO 27001 In A Cost Effective Way
Implementing ISO 27001 In A Cost Effective WayImplementing ISO 27001 In A Cost Effective Way
Implementing ISO 27001 In A Cost Effective WayCertification Europe
 
Windows 7 security enhancements
Windows 7 security enhancementsWindows 7 security enhancements
Windows 7 security enhancementsNarenda Wicaksono
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Mukesh Chinta
 
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...christopherfairbairn
 
Reducing Cost and Complexity with Industrial System Consolidation
Reducing Cost and Complexity with Industrial System ConsolidationReducing Cost and Complexity with Industrial System Consolidation
Reducing Cost and Complexity with Industrial System ConsolidationIntel IoT
 
EMC Storage for Physical Security EMC VNX, VNXe, and Isilon, and Genetec Secu...
EMC Storage for Physical Security EMC VNX, VNXe, and Isilon, and Genetec Secu...EMC Storage for Physical Security EMC VNX, VNXe, and Isilon, and Genetec Secu...
EMC Storage for Physical Security EMC VNX, VNXe, and Isilon, and Genetec Secu...EMC
 
ISACA National Capital Area Chapter (NCAC) in Washington, DC - Ulf Mattsson
ISACA National Capital Area Chapter (NCAC) in Washington, DC - Ulf MattssonISACA National Capital Area Chapter (NCAC) in Washington, DC - Ulf Mattsson
ISACA National Capital Area Chapter (NCAC) in Washington, DC - Ulf MattssonUlf Mattsson
 
3 Telecom+Network Part2
3 Telecom+Network Part23 Telecom+Network Part2
3 Telecom+Network Part2Alfred Ouyang
 
CCNA 1 Routing and Switching v5.0 Chapter 1
CCNA 1 Routing and Switching v5.0 Chapter 1CCNA 1 Routing and Switching v5.0 Chapter 1
CCNA 1 Routing and Switching v5.0 Chapter 1Nil Menon
 
Maemo Platform Security Fosdem
Maemo Platform Security FosdemMaemo Platform Security Fosdem
Maemo Platform Security FosdemElena Reshetova
 
ITE v5.0 - Chapter 2
ITE v5.0 - Chapter 2ITE v5.0 - Chapter 2
ITE v5.0 - Chapter 2Irsandi Hasan
 
Symantec be besr_wp_60208_final
Symantec be besr_wp_60208_finalSymantec be besr_wp_60208_final
Symantec be besr_wp_60208_finalVictor Diaz Campos
 
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013Matthew Rosenquist
 
IBM FlashSystem 710 and IBM FlashSystem 810
IBM FlashSystem 710 and IBM FlashSystem 810IBM FlashSystem 710 and IBM FlashSystem 810
IBM FlashSystem 710 and IBM FlashSystem 810IBM India Smarter Computing
 
Altiris IT Management Suite 7
Altiris IT Management Suite 7Altiris IT Management Suite 7
Altiris IT Management Suite 7Symantec
 
Security for Automotive with Multicore-based Embedded Systems
Security for Automotive with Multicore-based Embedded SystemsSecurity for Automotive with Multicore-based Embedded Systems
Security for Automotive with Multicore-based Embedded SystemsFraunhofer AISEC
 
Serverless Thin Client
Serverless Thin ClientServerless Thin Client
Serverless Thin Clientguestb980dc366
 
Les centrals telefòniques anònim
Les centrals telefòniques anònimLes centrals telefòniques anònim
Les centrals telefòniques anònimmgonellgomez
 
Wed enlightenment
Wed enlightenmentWed enlightenment
Wed enlightenmentTravis Klein
 
Unique examples of photorealistic paintings
Unique examples of photorealistic paintingsUnique examples of photorealistic paintings
Unique examples of photorealistic paintingsMaxim Logoswish
 
Remembering God- Your Future Depends on It
Remembering God- Your Future Depends on ItRemembering God- Your Future Depends on It
Remembering God- Your Future Depends on Itlcvtrainer
 
New world names lesson
New world names lessonNew world names lesson
New world names lessonTravis Klein
 
Thurs encomienda
Thurs encomiendaThurs encomienda
Thurs encomiendaTravis Klein
 
Day 3 mon world
Day 3 mon worldDay 3 mon world
Day 3 mon worldTravis Klein
 
Managing Assets for Maximum Performance and Value
Managing Assets for Maximum Performance and ValueManaging Assets for Maximum Performance and Value
Managing Assets for Maximum Performance and ValueEMC
 
TechBook: Mainframe EMC Symmetrix Remote Data Facility (SRDF) Four-Site Migra...
TechBook: Mainframe EMC Symmetrix Remote Data Facility (SRDF) Four-Site Migra...TechBook: Mainframe EMC Symmetrix Remote Data Facility (SRDF) Four-Site Migra...
TechBook: Mainframe EMC Symmetrix Remote Data Facility (SRDF) Four-Site Migra...EMC
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic EMC
 
Private Cloud Day Session 1: Building your Private Cloud Infrastructure
Private Cloud Day Session 1: Building your Private Cloud InfrastructurePrivate Cloud Day Session 1: Building your Private Cloud Infrastructure
Private Cloud Day Session 1: Building your Private Cloud InfrastructureMicrosoft TechNet - Belgium and Luxembourg
 
Becerrajavier a1
Becerrajavier a1Becerrajavier a1
Becerrajavier a1Javier Becerra
 
Conduct monetary policy
Conduct monetary policyConduct monetary policy
Conduct monetary policyTravis Klein
 

Más contenido relacionado

La actualidad más candente

CCNA 1 Routing and Switching v5.0 Chapter 1
CCNA 1 Routing and Switching v5.0 Chapter 1CCNA 1 Routing and Switching v5.0 Chapter 1
CCNA 1 Routing and Switching v5.0 Chapter 1Nil Menon
 
Maemo Platform Security Fosdem
Maemo Platform Security FosdemMaemo Platform Security Fosdem
Maemo Platform Security FosdemElena Reshetova
 
ITE v5.0 - Chapter 2
ITE v5.0 - Chapter 2ITE v5.0 - Chapter 2
ITE v5.0 - Chapter 2Irsandi Hasan
 
Symantec be besr_wp_60208_final
Symantec be besr_wp_60208_finalSymantec be besr_wp_60208_final
Symantec be besr_wp_60208_finalVictor Diaz Campos
 
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013Matthew Rosenquist
 
Altiris IT Management Suite 7
Altiris IT Management Suite 7Altiris IT Management Suite 7
Altiris IT Management Suite 7Symantec
 
Security for Automotive with Multicore-based Embedded Systems
Security for Automotive with Multicore-based Embedded SystemsSecurity for Automotive with Multicore-based Embedded Systems
Security for Automotive with Multicore-based Embedded SystemsFraunhofer AISEC
 
Serverless Thin Client
Serverless Thin ClientServerless Thin Client
Serverless Thin Clientguestb980dc366
 

La actualidad más candente (9)

CCNA 1 Routing and Switching v5.0 Chapter 1
CCNA 1 Routing and Switching v5.0 Chapter 1CCNA 1 Routing and Switching v5.0 Chapter 1
CCNA 1 Routing and Switching v5.0 Chapter 1
 
Maemo Platform Security Fosdem
Maemo Platform Security FosdemMaemo Platform Security Fosdem
Maemo Platform Security Fosdem
 
ITE v5.0 - Chapter 2
ITE v5.0 - Chapter 2ITE v5.0 - Chapter 2
ITE v5.0 - Chapter 2
 
Symantec be besr_wp_60208_final
Symantec be besr_wp_60208_finalSymantec be besr_wp_60208_final
Symantec be besr_wp_60208_final
 
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
 
IBM FlashSystem 710 and IBM FlashSystem 810
IBM FlashSystem 710 and IBM FlashSystem 810IBM FlashSystem 710 and IBM FlashSystem 810
IBM FlashSystem 710 and IBM FlashSystem 810
 
Altiris IT Management Suite 7
Altiris IT Management Suite 7Altiris IT Management Suite 7
Altiris IT Management Suite 7
 
Security for Automotive with Multicore-based Embedded Systems
Security for Automotive with Multicore-based Embedded SystemsSecurity for Automotive with Multicore-based Embedded Systems
Security for Automotive with Multicore-based Embedded Systems
 
Serverless Thin Client
Serverless Thin ClientServerless Thin Client
Serverless Thin Client
 

Destacado

Les centrals telefòniques anònim
Les centrals telefòniques anònimLes centrals telefòniques anònim
Les centrals telefòniques anònimmgonellgomez
 
Unique examples of photorealistic paintings
Unique examples of photorealistic paintingsUnique examples of photorealistic paintings
Unique examples of photorealistic paintingsMaxim Logoswish
 
Remembering God- Your Future Depends on It
Remembering God- Your Future Depends on ItRemembering God- Your Future Depends on It
Remembering God- Your Future Depends on Itlcvtrainer
 
New world names lesson
New world names lessonNew world names lesson
New world names lessonTravis Klein
 
Managing Assets for Maximum Performance and Value
Managing Assets for Maximum Performance and ValueManaging Assets for Maximum Performance and Value
Managing Assets for Maximum Performance and ValueEMC
 
TechBook: Mainframe EMC Symmetrix Remote Data Facility (SRDF) Four-Site Migra...
TechBook: Mainframe EMC Symmetrix Remote Data Facility (SRDF) Four-Site Migra...TechBook: Mainframe EMC Symmetrix Remote Data Facility (SRDF) Four-Site Migra...
TechBook: Mainframe EMC Symmetrix Remote Data Facility (SRDF) Four-Site Migra...EMC
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic EMC
 
Conduct monetary policy
Conduct monetary policyConduct monetary policy
Conduct monetary policyTravis Klein
 
The Current State of Cybercrime 2014
The Current State of Cybercrime 2014The Current State of Cybercrime 2014
The Current State of Cybercrime 2014EMC
 
Cybercrime and the Healthcare Industry
Cybercrime and the Healthcare IndustryCybercrime and the Healthcare Industry
Cybercrime and the Healthcare IndustryEMC
 
Thurs god wills it crusdades
Thurs god wills it crusdadesThurs god wills it crusdades
Thurs god wills it crusdadesTravis Klein
 
Germansk mytologi og_verdensanskuelse_nor
Germansk mytologi og_verdensanskuelse_norGermansk mytologi og_verdensanskuelse_nor
Germansk mytologi og_verdensanskuelse_norSebastian Hübner
 

Destacado (19)

Les centrals telefòniques anònim
Les centrals telefòniques anònimLes centrals telefòniques anònim
Les centrals telefòniques anònim
 
Wed enlightenment
Wed enlightenmentWed enlightenment
Wed enlightenment
 
Unique examples of photorealistic paintings
Unique examples of photorealistic paintingsUnique examples of photorealistic paintings
Unique examples of photorealistic paintings
 
Remembering God- Your Future Depends on It
Remembering God- Your Future Depends on ItRemembering God- Your Future Depends on It
Remembering God- Your Future Depends on It
 
New world names lesson
New world names lessonNew world names lesson
New world names lesson
 
Thurs encomienda
Thurs encomiendaThurs encomienda
Thurs encomienda
 
Day 3 mon world
Day 3 mon worldDay 3 mon world
Day 3 mon world
 
Managing Assets for Maximum Performance and Value
Managing Assets for Maximum Performance and ValueManaging Assets for Maximum Performance and Value
Managing Assets for Maximum Performance and Value
 
TechBook: Mainframe EMC Symmetrix Remote Data Facility (SRDF) Four-Site Migra...
TechBook: Mainframe EMC Symmetrix Remote Data Facility (SRDF) Four-Site Migra...TechBook: Mainframe EMC Symmetrix Remote Data Facility (SRDF) Four-Site Migra...
TechBook: Mainframe EMC Symmetrix Remote Data Facility (SRDF) Four-Site Migra...
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic
 
Private Cloud Day Session 1: Building your Private Cloud Infrastructure
Private Cloud Day Session 1: Building your Private Cloud InfrastructurePrivate Cloud Day Session 1: Building your Private Cloud Infrastructure
Private Cloud Day Session 1: Building your Private Cloud Infrastructure
 
Becerrajavier a1
Becerrajavier a1Becerrajavier a1
Becerrajavier a1
 
Conduct monetary policy
Conduct monetary policyConduct monetary policy
Conduct monetary policy
 
The Current State of Cybercrime 2014
The Current State of Cybercrime 2014The Current State of Cybercrime 2014
The Current State of Cybercrime 2014
 
Mobile mini trends
Mobile mini trendsMobile mini trends
Mobile mini trends
 
Cybercrime and the Healthcare Industry
Cybercrime and the Healthcare IndustryCybercrime and the Healthcare Industry
Cybercrime and the Healthcare Industry
 
Private cloud day session 5 a solution for private cloud security
Private cloud day session 5 a solution for private cloud securityPrivate cloud day session 5 a solution for private cloud security
Private cloud day session 5 a solution for private cloud security
 
Thurs god wills it crusdades
Thurs god wills it crusdadesThurs god wills it crusdades
Thurs god wills it crusdades
 
Germansk mytologi og_verdensanskuelse_nor
Germansk mytologi og_verdensanskuelse_norGermansk mytologi og_verdensanskuelse_nor
Germansk mytologi og_verdensanskuelse_nor
 

Similar a EMC Symmetrix Data at Rest Encryption - Detailed Review

Bloombase Turnkey Data At-Rest Security Compliance Solution for EMC Celerra
Bloombase Turnkey Data At-Rest Security Compliance Solution for EMC CelerraBloombase Turnkey Data At-Rest Security Compliance Solution for EMC Celerra
Bloombase Turnkey Data At-Rest Security Compliance Solution for EMC CelerraBloombase
 
Bloombase Spitfire Link Encryptor Server Brochure
Bloombase Spitfire Link Encryptor Server BrochureBloombase Spitfire Link Encryptor Server Brochure
Bloombase Spitfire Link Encryptor Server BrochureBloombase
 
Z111806 strengthen-security-sydney-v1910a
Z111806 strengthen-security-sydney-v1910aZ111806 strengthen-security-sydney-v1910a
Z111806 strengthen-security-sydney-v1910aTony Pearson
 
Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudAmazon Web Services
 
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...Tony Pearson
 
Z110932 strengthen-security-jburg-v1909c
Z110932 strengthen-security-jburg-v1909cZ110932 strengthen-security-jburg-v1909c
Z110932 strengthen-security-jburg-v1909cTony Pearson
 
IBM Cloud Data Encryption Services
IBM Cloud Data Encryption ServicesIBM Cloud Data Encryption Services
IBM Cloud Data Encryption ServicesIsabel Sanz
 
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...IRJET Journal
 
Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4Mukesh Chinta
 
Review of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxReview of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxssusere142fe
 
Nexsan_E-Series Encryption at Rest SED_US_Eng
Nexsan_E-Series Encryption at Rest SED_US_EngNexsan_E-Series Encryption at Rest SED_US_Eng
Nexsan_E-Series Encryption at Rest SED_US_EngDeborah Lindquist
 
Intel software guard extension
Intel software guard extensionIntel software guard extension
Intel software guard extensionDESMOND YUEN
 
IRJET- Data Security in Cloud Computing through AES under Drivehq
IRJET- Data Security in Cloud Computing through AES under DrivehqIRJET- Data Security in Cloud Computing through AES under Drivehq
IRJET- Data Security in Cloud Computing through AES under DrivehqIRJET Journal
 
Come gestire l'encryption dei dati con SKLM
Come gestire l'encryption dei dati con SKLMCome gestire l'encryption dei dati con SKLM
Come gestire l'encryption dei dati con SKLMLuigi Perrone
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Linaro
 
Bloombase store safe mf solution brief 2017 pdf
Bloombase store safe mf solution brief 2017 pdfBloombase store safe mf solution brief 2017 pdf
Bloombase store safe mf solution brief 2017 pdfBloombase
 
H13521 so-bloombase-solution-overview
H13521 so-bloombase-solution-overviewH13521 so-bloombase-solution-overview
H13521 so-bloombase-solution-overviewBloombase
 

Similar a EMC Symmetrix Data at Rest Encryption - Detailed Review (20)

Bloombase Turnkey Data At-Rest Security Compliance Solution for EMC Celerra
Bloombase Turnkey Data At-Rest Security Compliance Solution for EMC CelerraBloombase Turnkey Data At-Rest Security Compliance Solution for EMC Celerra
Bloombase Turnkey Data At-Rest Security Compliance Solution for EMC Celerra
 
Bloombase Spitfire Link Encryptor Server Brochure
Bloombase Spitfire Link Encryptor Server BrochureBloombase Spitfire Link Encryptor Server Brochure
Bloombase Spitfire Link Encryptor Server Brochure
 
Z111806 strengthen-security-sydney-v1910a
Z111806 strengthen-security-sydney-v1910aZ111806 strengthen-security-sydney-v1910a
Z111806 strengthen-security-sydney-v1910a
 
Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the Cloud
 
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
 
Z110932 strengthen-security-jburg-v1909c
Z110932 strengthen-security-jburg-v1909cZ110932 strengthen-security-jburg-v1909c
Z110932 strengthen-security-jburg-v1909c
 
IBM Cloud Data Encryption Services
IBM Cloud Data Encryption ServicesIBM Cloud Data Encryption Services
IBM Cloud Data Encryption Services
 
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
 
Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4
 
Review of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxReview of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptx
 
Nexsan_E-Series Encryption at Rest SED_US_Eng
Nexsan_E-Series Encryption at Rest SED_US_EngNexsan_E-Series Encryption at Rest SED_US_Eng
Nexsan_E-Series Encryption at Rest SED_US_Eng
 
569 492-500
569 492-500569 492-500
569 492-500
 
Intel software guard extension
Intel software guard extensionIntel software guard extension
Intel software guard extension
 
IRJET- Data Security in Cloud Computing through AES under Drivehq
IRJET- Data Security in Cloud Computing through AES under DrivehqIRJET- Data Security in Cloud Computing through AES under Drivehq
IRJET- Data Security in Cloud Computing through AES under Drivehq
 
Come gestire l'encryption dei dati con SKLM
Come gestire l'encryption dei dati con SKLMCome gestire l'encryption dei dati con SKLM
Come gestire l'encryption dei dati con SKLM
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server Encryption
 
TP564_DriveTrust_Oct06
TP564_DriveTrust_Oct06TP564_DriveTrust_Oct06
TP564_DriveTrust_Oct06
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
 
Bloombase store safe mf solution brief 2017 pdf
Bloombase store safe mf solution brief 2017 pdfBloombase store safe mf solution brief 2017 pdf
Bloombase store safe mf solution brief 2017 pdf
 
H13521 so-bloombase-solution-overview
H13521 so-bloombase-solution-overviewH13521 so-bloombase-solution-overview
H13521 so-bloombase-solution-overview
 

Más de EMC

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDEMC
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote EMC
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOEMC
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremioEMC
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lakeEMC
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereEMC
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History EMC
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewEMC
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeEMC
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityEMC
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015EMC
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesEMC
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsEMC
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookEMC
 
2014 Cybercrime Roundup: The Year of the POS Breach
2014 Cybercrime Roundup: The Year of the POS Breach2014 Cybercrime Roundup: The Year of the POS Breach
2014 Cybercrime Roundup: The Year of the POS BreachEMC
 

Más de EMC (20)

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremio
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis Openstack
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lake
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop Elsewhere
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical Review
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or Foe
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for Security
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure Age
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education Services
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere Environments
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBook
 
2014 Cybercrime Roundup: The Year of the POS Breach
2014 Cybercrime Roundup: The Year of the POS Breach2014 Cybercrime Roundup: The Year of the POS Breach
2014 Cybercrime Roundup: The Year of the POS Breach
 

Último

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Último (20)

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

EMC Symmetrix Data at Rest Encryption - Detailed Review

  • 1. EMC Symmetrix Data at Rest Encryption Detailed Review Abstract This white paper provides a detailed description of EMC® Symmetrix® Data at Rest Encryption features and operations. March 2011
  • 2. Copyright © 2010, 2011 EMC Corporation. All rights reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. All other trademarks used herein are the property of their respective owners. Part Number h8073.1 EMC Symmetrix Data at Rest Encryption Detailed Review 2
  • 3. Table of Contents Executive summary .............................................................................................. 4 Audience ..................................................................................................................................... 4 Terminology ................................................................................................................................ 4 Data at Rest Encryption........................................................................................ 5 Key management ........................................................................................................................ 7 RSA Embedded Key Manager components......................................................................... 7 DEK protection ..................................................................................................................... 7 Data integrity ........................................................................................................................ 7 Operational examples ................................................................................................................. 8 Installation of a Symmetrix system....................................................................................... 8 Replacement of a drive ........................................................................................................ 8 Decommissioning of a Symmetrix system............................................................................ 9 Data at Rest Encryption options ................................................................................................. 9 Conclusion .................................................................................................................................. 9 EMC Symmetrix Data at Rest Encryption Detailed Review 3
  • 4. Executive summary Securing sensitive data is one of the greatest challenges faced by many enterprises. Increasing regulatory and legislative demands and the constantly changing threat landscape have brought data security to the forefront of IT issues. Several of the most important data security threats are related to protection of the storage environment. Drive loss and theft are primary risk factors. EMC® Symmetrix® Data at Rest Encryption protects data confidentiality by adding back-end encryption to the entire array. Audience The audience for this white paper includes: ● Customers, including IT planners, storage architects, and administrators involved in evaluating, acquiring, managing, operating, or designing security for an EMC networked storage environment. ● EMC staff and partners, for guidance and development of proposals. Terminology Table 1. Symmetrix system terms Term Definition Enginuity EMC Symmetrix systems run the Enginuity™ operating environment. Symmetrix Audit Logs An immutable (not changeable) audit log that tracks security events on a Symmetrix system. The audit log allows administrators to identify any breaches in the system and prove compliance with data protection policies. Symmetrix Service Processor A component that monitors the system environment, provides remote notification and remote support capabilities, and allows EMC personnel to access the system locally or remotely. SymmWin Application A graphics-based tool for configuring and monitoring a Symmetrix system. Table 2. Encryption terms Term Definition XTS-AES Algorithm An XEX-based Tweaked Codebook (TCB) mode with Cipher Text Stealing (CTS) disk encryption used for the encryption of sector-based storage devices. Data Encryption Key Uses key algorithms to encrypt and decrypt data and apply confidentiality protection to (DEK) information. Key Encryption Key Keeps DEKs secure during storage and transmission. The approved technique to protect (KEK) DEKs is to use KEKs along with the AES Key Wrap algorithm. Key Tag A value that is permanently attached to an encryption key. Key tag verification in controller-based encryption guarantees reliable encryption without any potential loss or corruption of data. EMC Symmetrix Data at Rest Encryption Detailed Review 4
  • 5. Data at Rest Encryption Data at Rest Encryption provides hardware-based, on-array, back-end encryption for Symmetrix systems. Back-end encryption protects your information from unauthorized access when drives are removed from the system. Data at Rest Encryption provides encryption on the back end using Fibre Channel I/O modules that incorporate XTS-AES 256-bit data-at-rest encryption. These modules encrypt and decrypt data as it is being written to or read from a drive. All configured drives are encrypted, including data drives, spares, and drives with no provisioned volumes. In addition, all array data is encrypted, including Symmetrix File System and PowerVault contents. Data at Rest Encryption incorporates RSA® Embedded Key Manager for key management. With Data at Rest Encryption, keys are self-managed, and there is no need to replicate keys across volume snapshots or remote sites. RSA Embedded Key Manager provides a separate, unique DEK for each drive in the array, including spare drives. By securing data on enterprise storage, Data at Rest Encryption ensures that the potential exposure of sensitive data on discarded, misplaced, or stolen media is reduced or eliminated. As long as the key used to encrypt the data is secured, encrypted data cannot be read. In addition to protecting against threats related to physical removal of media, this also means that media can readily be repurposed by destroying the encryption key used for securing the data previously stored on that media. Data at Rest Encryption is compatible with all Symmetrix system features, allows for encryption of any supported local drive types or volume emulations, and delivers powerful encryption without performance degradation or disruption to existing applications or infrastructure. EMC Symmetrix Data at Rest Encryption Detailed Review 5
  • 6. The following illustration shows a high-level overview of the Data at Rest Encryption architecture: Host EMC host software SAN IP Director Director RSA Key Manager Client IO IO IO IO module module module module RSA Embedded Key Manager Server Unencrypted data Service Processor Encrypted data Management traffic Unique key for each physical disk ICO-IMG-000849 Figure 1. Data at Rest Encryption architecture EMC Symmetrix Data at Rest Encryption Detailed Review 6
  • 7. Key management Because encryption offers protection for the data itself, rather than for a device or a host, it is a powerful tool for enforcing your security policies. However, the data security provided by encryption is only as good as the generation, protection, and management of the keys used in the encryption process. Encryption keys must be available when they are needed, but at the same time access to keys must be tightly controlled. The keys themselves, as well as the information required to enable the use of the key during decryption activities, must be preserved for the lifetime of the data. This is especially important for enterprise storage environments where encrypted data is kept for many years. Because of the critical importance of key management in encryption solutions, Data at Rest Encryption was designed to be integrated with RSA Embedded Key Manager. RSA Embedded Key Manager provides enterprise key management for a broad range of encryption environments, establishing a pervasive and secure infrastructure for this essential component of data security. All key generation, distribution, and management capabilities required for Data at Rest Encryption are provided by RSA Embedded Key Manager, according to the best practices defined by industry standards such as NIST 800-57 and ISO 11770. The accessibility of encryption keys is a critical factor in high availability. Data at Rest Encryption addresses this by caching the keys locally so that the need to connect to RSA Embedded Key Manager is limited to maintenance operations such as the initial installation of the Symmetrix system, the replacement of a drive, or drive upgrades. Key management events such as key creation, key deletion, and Key Manager recovery are reported in the Symmetrix Audit Log. RSA Embedded Key Manager components Data at Rest Encryption utilizes the following RSA software, which is compiled into the SymmWin application on the Symmetrix Service Processor: ● RSA Embedded Key Manager Server — an embedded version of RSA Key Manager Enterprise Server, which provides encryption key management capabilities such as secure key generation, storage, distribution, and audit. ● RSA Key Manager client — handles communication with the RSA Embedded Key Manager Server. ● RSA BSAFE® cryptographic libraries — provide foundational security functionality for RSA Embedded Key Manager Server and the RSA Key Manager client. ● RSA Lockbox — a hardware-and software-specific encrypted repository that securely stores passwords and other sensitive key manager configuration information. DEK protection The following features ensure the protection of the DEKs: ● The RSA Embedded Key Manager Server repository is encrypted with 256-bit AES using an RSA-generated random password, which is saved in the RSA Lockbox. ● All persistent key storage locations either contain wrapped or encrypted keys, or unwrapped keys that are protected from access by hardware. DEKs are wrapped by encrypting the key data using a standard AES keywrap operation that utilizes a KEK that is unique to each array. ● There are no backdoor keys or passwords to bypass security. Data integrity The following features allow Data at Rest Encryption to ensure that the correct key is used with the correct drive: ● DEKs stored in the RSA Embedded Key Manager include a unique key tag along with the key metadata, which is included with the key material while wrapping (encrypting) the DEK for use in the array. EMC Symmetrix Data at Rest Encryption Detailed Review 7
  • 8. During encryption I/O, the expected key tag associated with the drive is separately supplied along with the wrapped key. ● During key unwrap (prior to starting an I/O) the encryption hardware checks that the key unwrapped properly and that it matches the supplied key tag. ● Arrays with data encryption enabled have a special Physical Information Block (PHIB) located in reserved space at the beginning of each drive. Before the drive is made available for normal I/O operation, the PHIB contents are used to validate that the key used to encrypt the drive data matches the key in use by the array. ● To prevent silent data corruption due to encryption hardware datapath failures, the hardware performs self-tests during initialization to ensure that the encryption/decryption logic is intact. Operational examples This section describes how Data at Rest Encryption works during several common operations. Installation of a Symmetrix system When an EMC Customer Engineer installs a Symmetrix system: 1. The EMC Customer Engineer enables Data at Rest Encryption by setting the DARE flag in the initial configuration file for the Symmetrix system. 2. The Symmetrix system installation script automatically installs the RSA software on the Service Processor during the installation process. 3. The RSA Embedded Key Manager Server generates DEKs for each drive in the array and a KEK that is unique to the array. 4. Enginuity generates Symmetrix Audit Logs for every key generation event. 5. The RSA Embedded Key Manager Server encrypts the keys and stores them in the local key repository file as non-volatile copies. 6. The RSA Embedded Key Manager Server wraps each DEK with the KEK, and Enginuity stores all of the keys on the array as encrypted, persistent backup copies. The KEK is programmed into write-only, non-volatile memory in the encryption hardware, which cannot be retrieved back from the hardware. 7. Enginuity initializes volumes using the DEKs and writes any incoming host data to the drives as encrypted data. Replacement of a drive When a customer or EMC Customer Engineer removes a drive from an array: 1. The RSA Embedded Key Manager Server securely deletes the key associated with the removed drive from the key repository on the Service Processor. 2. After the customer or EMC Customer Engineer installs the new drive and Enginuity verifies that it is working, the RSA Embedded Key Manager Server generates a new DEK for the drive and wraps the DEK using the KEK. 3. Enginuity generates Symmetrix Audit Log entries for the deletion of the old DEK and the creation of the new DEK. 4. Enginuity caches the new DEK, which replaces the previous drive's DEK. 5. Enginuity validates the contents of the drive and rebuilds the data using the new DEK. EMC Symmetrix Data at Rest Encryption Detailed Review 8
  • 9. Decommissioning of a Symmetrix system When an EMC Customer Engineer decommissions a Symmetrix system: 1. The RSA Embedded Key Manager Server securely deletes all persistent copies of the keys in the key repository. 2. Enginuity zeroizes the cached keys stored within the array. The Symmetrix Audit Log becomes irretrievable from the array due to the key destruction. 3. A certificate file detailing the status of the keys involved in the array decommissioning operation is produced. Data at Rest Encryption options The following options apply to Data at Rest Encryption: ● Data at Rest Encryption is an install-time option only. If Data at Rest Encryption is not enabled during installation, it cannot be enabled at a later time. Conversely, if Data at Rest Encryption is enabled during installation, it cannot be disabled. ● All disk groups are encrypted. Mixing encrypted and unencrypted data within the array is not supported. Conclusion Data at Rest Encryption is an easy-to-use, minimal-maintenance solution for data-at-rest encryption. Data at Rest Encryption keeps information safe from drive theft or loss by providing back-end encryption for the entire array. By utilizing RSA Embedded Key Manager, Data at Rest Encryption is able to self-manage encryption keys, so manual key management is not required. The following table describes the capabilities and benefits of Data at Rest Encryption as compared to other data-at-rest security products on the market: Table 3. Competitive comparison Capability/Benefit EMC Hitachi/HP IBM Storage physical protection Yes Yes Yes Drive segregation Yes: one key per drive. Limited: one key per parity Yes: one key per drive. group with a maximum of 32 keys per array. Multi-layered protection and Yes: redundant internal No: requires manual key No: arrays require access to availability key backup. backup management. one of multiple Tivoli Key Lifecycle Manager servers to boot successfully. Operates without manual Yes No No key management by users Compatible with all array Yes Yes No: FDE is only available on capabilities FC drives and eliminates the use of Easy Tier. EMC Symmetrix Data at Rest Encryption Detailed Review 9