SafeNet StorageSecure

For protection of corporate data against unauthorized access to under-exploit only traditional tactics of prevention of leaks and prevention of threats. The StorageSecure device is the industry-first solution for security of network systems of data storage (NAS) which allows to perform granular enciphering of the data transferred on network at speeds in several Gbps. At the same time customers get advantages of the improved data management, compliances to security policies and reliable storage of crucial information.

Sid Deshpande, the analyst of Gartner, notes that as a result of rapid growth of volumes of digital content and unstructured data also the number of the users implementing at themselves scalable network systems of data storage (NAS) grows. Consolidation of corporate data, including confidential information, and their transfer in the large centralized repositories which network systems of data storage are, leads to emergence of a number of the problems and security risks connected with observance of normative legal requirements. Multi-user NAS of an environment assume increase in number of the users and administrators of DWH having access rights to the same environment of data storage. For prevention of unauthorized access and prevention of use of confidential data and also for the purposes of effective audit, users need to implement new methods of protection of the data.

The StorageSecure system was developed in cooperation with NetApp, industry leader in the solutions NAS, and designed to satisfy these requirements. Thanks to granular enciphering, customers can differentiate use of data in network systems of data storage, avoid situations when administrators of storage systems could get access to confidential information, at the same time without limiting their possibility of accomplishment of the daily work. Besides, customers have an opportunity of effective destruction of data as required and also reliable audit and logging of any events of data access, protected using StorageSecure.

In the report of "Hype Cycle for Data and Collaboration Security 2012" of July 27, 2012 Eric Oulette, the analyst from Gartner, reported that the organizations using several separate / isolated solutions for enciphering of storage systems should study advantages of consolidation of separate solutions in the single solution for enciphering which is placed in a data processing center for simplification and reduction in cost of procedures of implementation and operation and also for implementation uniform the politician of enciphering.

The solution StorageSecure provides to customers the following advantages:

• Data protection on the basis of security policies: Granular data encryption, transmitted using the CIFS file systems (Common Internet File System) and NFS (Network File Service), at the level of directories, with separation of the data which are stored in environments of NAS for the general access allows to guarantee that data of users will be completely isolated and protected from unauthorized access from other users or administrators. For the first time the additional level of protection against unreliable administrators was provided to the industries.
• Expanded means for data management (Data Governance): The StorageSecure device meets the requirements of the standard of security of FIPS 140-2 of Level 3 and is the network device, steady against cracking, with the guaranteed audit and centralized operation by security policies which allows to store encryption keys and to manage them in completely protect mode. All this gives the chance to conduct the most general audit of events of access to the confidential information which is stored in network systems of data storage.
• Protection of investments: The StorageSecure device is integrated into existing by IT of architecture, can use the existing security policies and means of client authentication of the Active Directory, Lightweight Directory Access Protocol (LDAP) or Network Information Service (NIS), and supports operation of any NAS devices and file servers based on the CIFS and NFS protocols.
• Cross-platform key management: Being a part of a solution portfolio of SafeNet for data protection, the StorageSecure device is integrated with corporate solution of SafeNet for key management – KeySecureTM. KeySecure allows the staff of Information Security Services to manage on a centralized basis encryption keys for all platforms of enciphering which are used at the enterprise. At the same time, this solution also the politician allows to simplify the procedure of administration of keys. Constructed based on the KMIP protocol (the standard industry protocol for key management), KeySecure provides an opportunity to manage keys for the StorageSecure device and for the most various solutions for enciphering of DWH, including for encryption systems in storage area networks (SAN). Among other the solution allows to manage keys to switches of enciphering Brocade encryption switch (BES), to the self-ciphered drives (self-encrypted drives, SED) which are used in many modern storage area networks and network storages (for example, in NetApp of NSE) and also to the self-ciphered tape drives for data backup.