Rest Easy With Data-At-Rest Encryption

Recently, there have been a flurry of data breaches within government agencies and commercial organizations. One thing all of these events have in common is that sensitive information — personal, financial or medical — was stolen and/or exposed. These events show the importance of protecting data itself — not just the network.

According to Lloyd’s of London, these cyber-attacks could soon be costlier than natural disasters. A new report from the specialty insurer claims economic losses related to the cyber threat in the US could be as high as $121 billion.

Many of our storage arrays have been deployed within government agencies, as well as banking, financial, and healthcare organizations. Due to the sensitive nature of these customers’ data, they are mandated to buy products that have obtained industry-standard certifications. It is absolutely critical to ensure the privacy of stored data and protect the organization from liability and loss.

IntelliFlash HD — Now With At-Rest Encryption!

Recently Gartner published its Magic Quadrant for Solid-State Arrays for 2017. In that report they cautioned IT buyers that our highest capacity IntelliFlash HD arrays did not ship with self-encrypting drives. Well, that was accurate when Gartner wrote it, but but our engineers have been busy!

Back on June 28th, we introduced a new generation of IntelliFlash HD multi-tiered arrays, which includes full disk encryption.

Now, all of our storage arrays have full data-at-rest 256-bit AES encryption.

No Impact on Performance

The new IntelliFlash HD array uses self-encrypting drives that support the TCG specification, ensuring all data is encrypted while at rest. There is no performance degradation since the encryption is handled by dedicated multichip crypto modules. The process is completely transparent to the storage admin, as well as your applications.

Each drive in the array has a unique encryption key. The drives are also tamperproof, which prevents hackers from attempting to steal their encryption keys.

Once the encryption is activated, the drive will not honor any data READ or WRITE requests until the corresponding bands have been unlocked. This prevents user data from being accessed without the appropriate credentials when the drive has been power cycled or removed from its slot in the array and installed in another system.

We also allow instant secure erase of one, few, or all drives, which essentially makes the existing data on that drive unrecoverable.

FIPS 140-2 Level 2 Security

The cryptographic module we use in all our storage arrays also meet all requirements applicable to FIPS 140-2 Level 2 security.

FIPS, or the Federal Information Processing Standard, is a U.S. government computer security standard used to approve cryptographic modules.

Security Level 2 improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access. It also requires role-based authentication in which a cryptographic module authenticates the authorization of an operator to assume a specific role and perform a corresponding set of services.*

Maximum Performance, Minimal Risk

In addition to full data-at-rest encryption, the new IntelliFlash HD is capable of driving over 12.5M IOPS in a single rack and contains the highest density flash available on the market (Up to 500TB of storage capacity in a single rack unit!). It really is ideal for government, finance, and healthcare organizations looking to run their entire data center in all flash, while protecting their sensitive data against hacking and theft.

To learn more about how encryption works as well as other key capabilities in Tegile flash arrays, read the technical white paper on IntelliFlash storage architecture...