Self-encrypting drives (SED): helping prevent data loss, theft, and misplacement

Similar documents
Intelligent Drive Recovery (IDR): helping prevent media errors and disk failures with smart media scan

Intelligent Drive Recovery (IDR): helping prevent media errors and disk failures with smart media scan

SEAhawk and Self Encrypting Drives (SED) Whitepaper

Dell PS Series Architecture: Self Encrypting Drive Management with PS Series Storage Arrays

Using EonStor DS Series iscsi-host storage systems with VMware vsphere 5.x

NexentaStor 5.1 Data-At-Rest Encryption With Self-Encrypting Drive Reference Architectures Configuration QuickStart

Why Use Cisco Network Storage Systems for Your Business

Milestone Solution Partner IT Infrastructure Components Certification Report

IBM Spectrum NAS. Easy-to-manage software-defined file storage for the enterprise. Overview. Highlights

Slide 0 Welcome to the Support and Maintenance chapter of the ETERNUS DX90 S2 web based training.

EonStor DS - iscsi Series High-Availability Solutions Delivering Excellent Storage Performance

SECURE DATA EXCHANGE

Storageflex HA3969 High-Density Storage: Key Design Features and Hybrid Connectivity Benefits. White Paper

The term "physical drive" refers to a single hard disk module. Figure 1. Physical Drive

Internet of Things Toolkit for Small and Medium Businesses

A practical guide to IT security

WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

TANDBERG Management Suite - Redundancy Configuration and Overview

Best practices for mobile device encryption and security

Fix Three Common Accounting Firm Data Vulnerabilities

HELPFUL TIPS: MOBILE DEVICE SECURITY

Managing Storage Adapters

Table of Contents. Table of Figures. 2 Wave Systems Corp. Client User Guide

ios 12: Change these privacy and security settings now

How To Encrypt a Windows 7, 8.1 or 10 laptop or tablet

WHITEPAPER E-SERIES ENCRYPTION

Control-M and Payment Card Industry Data Security Standard (PCI DSS)

Expert Reference Series of White Papers. BitLocker: Is It Really Secure? COURSES.

Copyright 2013

device management solution

6 Vulnerabilities of the Retail Payment Ecosystem

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

BitLocker Encryption for non-tpm laptops

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

Vess. Architectural & Engineering Specifications For Video Surveillance. A2600 Series. Version: 1.2 Sep, 2012

Trusted Platform Module (TPM) Quick Reference Guide

May 2016 If you have questions regarding a particular customer situation, please reach out to DL-SYMC- Encryption-Ask-PM for guidance.

EonStor DS - SAS Series High-Availability Solutions Delivering Excellent Storage Performance

How to Build a Culture of Security

WHITE PAPER. Authentication and Encryption Design

Quick Heal Mobile Security. Free protection for your Android phone against virus attacks, unwanted calls, and theft.

Installing the IBM ServeRAID Cluster Solution

Dell PowerEdge RAID Controller (PERC) S130 User s Guide

SECURITY PRACTICES OVERVIEW

Tax-Aide TrueCrypt Utility For Tax Year 2010

Solid State Drive (SSD) Cache:

MEEM Memory Ltd. User Guide ios

Quick Heal Mobile Security. Anti-Theft Security. Real-Time Protection. Safe Online Banking & Shopping.

SafeStick/SafeXs. User Guide. Created by BSO ITS Security Team Version 1.4

12 Habits of Highly Secured Magento Merchants

Tax-Aide TrueCrypt - Version 6.2. Quick Start Guide

ETERNUS DX80 S2, DX90 S2, DX410 S2 and DX440 S2

Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT

SECURING CORPORATE ASSETS WITH TWO FACTOR AUTHENTICATION

First Edition, July 2011

Before Reading This Manual This section explains the notes for your safety and conventions used in this manual.

HIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics

SECURE CLOUD BACKUP AND RECOVERY

IT Systems / Enterprise Storage Solutions EonStor A24F R2224

8G Fibre to SAS 6G SAS to SAS 10G iscsi to SAS

KODO for Samsung Knox Enterprise Data Protection & Secure Collaboration Platform

Mobile Data Security Essentials for Your Changing, Growing Workforce

Achieving End-to-End Security in the Internet of Things (IoT)

SECURITY & PRIVACY DOCUMENTATION

Trusted Computing As a Solution!

10 Having Hot Spare disks available in the system is strongly recommended. There are two types of Hot Spare disks:

Computer Security Policy

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Highlights. EonStor DS.

Highly Secure Translation Editor

NetApp Encryption Power Guide

Dell PowerEdge RAID Controller S140 - PERC S140. User s Guide

Choosing a Full Disk Encryption solution. A simple first step in preparing your business for GDPR

ModeChanger

RSA Solution Brief. Providing Secure Access to Corporate Resources from BlackBerry. Devices. Leveraging Two-factor Authentication. RSA Solution Brief

INDeX Technical Tip. Tip No: 234 Release Date: 20 August 2004 Region: EMEA & APAC. EVM Raid Information. Overview. RAID 5 Stripe Set with Parity

Why Implement Endpoint Encryption?

DOCUMENT CONSULTING MAXIMUM DATA SECURITY WITH UTAX GUARANTEED.

Introduction. Security Edition User Guide

Physical Safeguards Policy July 19, 2016

IBM System Storage DS3000 Storage Manager

Box Competitive Sheet January 2014

Dell EMC PowerEdge RAID Controller (PERC) 10 User s Guide

IRONKEY WORKSPACE PROVISIONING TOOL 1.3. User Guide

Apple OS Deployment Guide for the Enterprise

Technical Brief. NVIDIA Storage Technology Confidently Store Your Digital Assets

GE Fanuc Intelligent Platforms

FlexFlash SD Card Support

Want to make it. your. own device? OFFICE PRODUCTS

RocketRAID 2840A. SAS 6Gb/s PCI-Express 3.0 x8 RAID Controller. User s Guide v1.0

Course Outline (version 2)

Multilayered Print Protection: How Dell empowers organizations to take control of printer security

BitLocker to Go: Encryption for personal USB

Chapter 4. Network Security. Part II

PowerVault MD3 Storage Array Enterprise % Availability

Implementing Disk Encryption on System x Servers with IBM Security Key Lifecycle Manager Solution Guide

RAID Levels Table RAID LEVEL DESCRIPTION EXAMPLE

Unified Security Platform. Security Center 5.4 Hardening Guide Version: 1.0. Innovative Solutions

How To Reset Locked Ipod Touch To Factory Settings Without Computer

Transcription:

Self-encrypting drives (SED): helping prevent data loss, theft, and misplacement White paper Version: 1.1 Updated: Sep., 2017 Abstract: This white paper introduces Infortrend self-encrypting drive technology, or SED, an advanced data security solution based on the ability of disk drives to autonomously encrypt and add a layer of protection for valuable stored data. It covers the essentials of enabling SED global and local keys to offer flexible protective options. SED can keep your data safe even if drives are lost, stolen, or misplaced by accident across different storage enclosures. The document also touches on different SED logical drive roaming scenarios to illustrate approaches to data protection offered by SED on Infortrend storage systems as part of providing a highly efficient and cost-effective solution that optimizes IT resources and provides agility in dealing with burgeoning secure data needs.

Contents Contents... 2 Introduction... 3 Products covered by this document... 3 What is an SED?... 3 Why implement SED protection?... 3 How it works... 4 SED protection... 4 Infortrend flexible SED key introduction... 4 How to enable SED key?... 5 SED function operation... 7 Auto lock... 7 Secure/quick erase... 7 Drive-based operation view... 7 SED LD roaming operation... 8 What is SED LD roaming?... 8 SED LD roaming scenarios... 8 Conclusions... 9 Copyright 2014 Infortrend Technology, Inc. All rights reserved. Page 2 / 9

Introduction One of the most important capabilities of a storage system is providing protective mechanisms against the high cost and other negative results of data breach or loss. Infortrend has always placed an emphasis on innovating new security measures and incorporating solutions as they emerge across the industry. Infortrend aims to enhance the security capabilities of as many storage products as possible while maintaining an attractive cost proposition, encouraging and helping organizations put comprehensive security strategies in place to better safeguard their data. Products covered by this document EonStor DS family What is an SED? SEDs have an encryption controller (ASIC) and an encryption key both embedded on the hard drive itself. SED encryption is automatic and transparent without performance degradation. A unique encryption key is generated randomly at the factory for each SED. The encryption is essentially fail-safe, and means drives are extremely secure when installed in an array or when removed so even if the physical drive is stolen or misplaced, the data on it remains protected against intrusion. Why implement SED protection? To avoid the high cost and many other negative consequences of a data breach or loss, it is important for organizations to put a comprehensive security strategy in place. This requires understanding where data is at all times across the entire organization and securing it at each stage and point. These points or levels of security can be broken down into three basic categories: data-in-use, data-in-motion, and data-at-rest. Copyright 2014 Infortrend Technology, Inc. All rights reserved. Page 3 / 9

The primary focus of SED solutions is securing data at rest. Self-encrypting drives (SEDs) are well-suited to mitigating the security vulnerabilities of data at rest, and are becoming a standard technology provided by many of the world s top hard drive vendors. This allows for interoperability and ensures greater market competition and more attractive pricing. Based on the Infortrend SED solution, users can secure data efficiently and easily How it works SED automatically executes full disk encryption when a write job is performed by using the embedded encryption key. Encrypted data is decrypted before leaving the drive when a read request is met. When a new SED is acquired, it already has an embedded encryption key, until the user evokes it to start the authentication check process. SED protection Infortrend flexible SED key introduction Custom settings included with the Infortrend SED solution allow users to set global and local keys separately Copyright 2014 Infortrend Technology, Inc. All rights reserved. Page 4 / 9

through a few simple steps in the dedicated SED sub-section of the GUI. All SED functions are integrated into the intuitive and user friendly Infortrend SANWatch interface for easy access. How to enable SED key? Global key settings are for a subsystem rather than a logical disk, and users can enable and apply an SED key directly Use a password to generate the key for an SED Create an encrypted key file for an SED The authentication key then saves onto the backplane Copyright 2014 Infortrend Technology, Inc. All rights reserved. Page 5 / 9

Local key settings apply to logical disks on Infortrend EonStor DS systems, which offer the flexibility of creating different local keys for each logical disk, as needed by users Use a password to generate the key for an SED Create an encrypted key file for an SED Authentication key then saves onto the hard drive Introduction to enabling SED functionality and its scope Things to consider when mixing SED and non-sed in the same logical disk Copyright 2014 Infortrend Technology, Inc. All rights reserved. Page 6 / 9

All SEDs of a specific LD/element must be at the same security status (all secured or all unsecured) During LD creation, SED and non-sed intermix is not supported LD rebuilding supports the use of SED-only spares SED function operation Auto lock This feature is supported. Users are prompted to unlock an auto locked LD when the system is reset or rebooted. Authentication/unlocking require password or encryption key for access. Secure/quick erase Allows users to quickly and easily erase specific SEDs through the GUI. This is another benefit of enabling the SED feature, as the device can be securely erased in a matter of seconds, as opposed to several hours using traditional drive wipe methods. The SED can be instructed to simply change the encrypted key, rendering all data on the drive effectively unreadable or destroyed. The data remains in an inaccessible encrypted format that can no longer be used, making traditional time-consuming deletion unnecessary Secure/quick erase available for specific SEDs, independent of any overall LD Drive-based operation view Users can check attributes to obtain information for every drive easily through the GUI Indicates the security status of selected drives as shown below Copyright 2014 Infortrend Technology, Inc. All rights reserved. Page 7 / 9

SED LD roaming operation What is SED LD roaming? Moving or migrating an SED-enabled logical drive between Infortrend storage systems or enclosures SED LD roaming scenarios Move SED-enabled LD to a system with the same global/local SED key Enables SED security for the LD automatically after roaming Move SED-enabled LD to a system with a different global/local SED key Locks and takes the LD offline (moving an isolated logical drive) To bring the SEDs in an isolated LD back online: ask to authenticate with old key, then forcibly modify it with a current key Move SED-enabled LD to a system not configured with any SED key Locks and takes the LD offline (moving an isolated logical drive) Bring the LD online: ask to authenticate with old key unlock, then set SED status to disabled Roaming to a system with no SED support, but with properly licensed firmware Upgrade to new firmware, license and install SANWatch build with Infortrend SED feature Bring the LD online: ask to authenticate with old key unlock, then set SED status to disabled Copyright 2014 Infortrend Technology, Inc. All rights reserved. Page 8 / 9

Caution: 1. Older models may not support SED without upgrading to the latest firmware, license, and SANWatch version simultaneously. Models prior to the EonStor DS G7 series do not offer SED support (EonStor DS G6 and older) 2. Important! SED and non-sed mix not allowed during LD creation. Mixing the two types may cause LD formatting failure 3. If a controller fails, in-progress scan operations resume when another controller takes over (only applies to models with redundant controllers) Conclusions Infortrend EonStor DS systems offer comprehensively and thoughtfully-designed RAID storage products that augment data protection in numerous ways. As Infortrend is always keen on implementing new and more advanced security measures, we are taking decisive action to make self-encrypting disks (SEDs) available on a variety of recent and future systems. SED technology offers one of the most airtight data protection methods available in the storage industry, and directly addresses many widespread causes of data loss. Infortrend SED via the SANWatch interface is also very easy to use and has no negative impact on system performance. Users do not require extensive technical training to make the most of our SED functionality, and can quickly and conveniently tap greater flexibility with multiple settings and the ability to apply them to specific drives. Once more, it is important to remember that SED also brings major time savings when deleting data: changing encryption in mere seconds with a few mouse clicks is much preferable to traditional data deletion methods, which take exponentially more time to complete and are less secure. As storage and security continue to converge, solutions like SED are leading the way by providing organizations with the strong, easy-to-use security needed to protect data. As always, Infortrend is leading the move towards more readily available and reliable deployment of the latest storage technologies, and is your best personal partner in meeting the needs of your organization. Copyright 2014 Infortrend Technology, Inc. All rights reserved. Page 9 / 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback