HP adds encryption gear for storage systems
Tape and virtual tape get algorithmic
Hewlett-Packard is delivering a fresh batch of encryption add-ons and products for tape drives and virtual tape libraries.
The additions officially rolling out Monday include a fabric switch with encryption and key management, an encryption kit for MSL Tape Libraries, additional compatibility for HP's key manager appliance and an online security assessment quiz.
MDS 9000 series switches (courtesy Cisco) get encryption and key management added for tape drives and virtual tape libraries with the new HP C-Series MDS 9000 Storage Media Encryption (SME) fabric switch.
The switch encrypts data on a per-tape basis using 256-bit AES encryption. SME software is built to run on MDS 9200 and 9500 series switches and directors, although HP is currently pitching its new MDS 9222i switch with the cryptographic engine built in.
The MDS 9222i is available now, with a list price of $83,500.
HP is also announcing an encryption add-on kit for small businesses running 1/8 G2 Tape Autoloader and MSL Tape Libraries with LTO-4 tape.
The StorageWorks 1/8 G2 & MSL LTO-4 Encryption Kit (catchy name, yes?) consists of two USB devices that plug into the MSL library to make and retain encryption keys. One device is assigned to generate the keys, the other is for backup.
The StorageWorks 1/8 G2 & MS...ahem...the kit is scheduled to land next June, for $2,500.
Last on the hardware side, HP is turning its Compliance Log Warehouse (CLW) appliance and Secure Key Manager (SKM) appliance into a buddy act.
SKM centralizes key management for encryption devices. CLW generates a compliance report audit-trail for the entire data center. Now CLW can also store information about encryption key use.
That additional functionality comes in the form of an upgrade. Both devices are currently available. The Secure Key Manager has a list price of $100,000, and the Compliance Log Warehouse goes for $125,000 per node.
HP is also offering a new online tool called Storage Security Assessment. It's sort of a free self-test — which, by the way, is how Scientologists hook you in too.
The assessment tool asks the user questions to gauge how well they are managing security risks, complying with data privacy regulations and the like. Those answers generate a personalized report offering suggestions on storage and backup.
HP's Storage Security Self-Assessment Tool can be found over here, and should only cost the time it takes to fill it out. ®
If the memory of the process with the data is readable, then the data you are attempting to protect is readable.
Since it needs to be readable in one spot, why push it out to an external interface in that same readable format?
Especially if the data is so important that it needs to be copied offsite to allow for recovery.
I'd think the reason they offload it to another system is security related. If the keys don't exist in memory accessible to the operating system's processor it would make them much more difficult to compromise.
I could be wrong and they could just be inflating the price by providing a hardware solution.
Unless I'm mistaken, LTO-4 uses AES256-GCM encryption by default.