Cisco, RSA Combine on SAN Fabricwide Encryption

By Chris Preimesberger  |  Posted 2007-05-23 Print this article Print

An upcoming product will combine Cisco storage encryption with RSA's key manager to provide systemwide security of data and disks.

ORLANDO, Fla.—Cisco Systems and EMCs RSA security division introduced May 23 an extension of their partnership that entails development of encryption for spinning disk or tape storage at the network level. The two companies will combine Ciscos Storage Media Encryption, which provides encryption of stored data as a fabricwide service, and RSAs Key Manager, which is a centralized manager of encryption keys and authentication. The result will be a systemwide capability to encrypt both data and complete disks as required by company policies. It could be used for encrypting such confidential information as medical records, Social Security and credit card information, and government data, for example.
"One of the main reasons we [EMC] acquired RSA [in 2006], was for their encryption key management expertise," EMC Vice President Dave Donatelli told eWEEK.
This new, as yet unnamed product—expected to be made generally available in the second half of 2007—also will manage the encryption keys within the SAN (storage area network) and make the process more secure and easier to manage, said Dennis Hoffman, vice president and general manager for data security at RSA. "Key management often defaults to key storage," Hoffman told a group of journalists and analysts here at the EMC World 2007 conference at the Orange County Convention Center. eWEEK revisits its five steps to enterprise security. Listen to the podcast here. "Management of the keys becomes tantamount to management of the data itself," Hoffman said. "[Encryption] keys have their own life cycle. Encryption wants to take place at various points in the fabric, based on the business processes to be solved. It wants to take place in the customer-facing apps, the server, the storage tiers, databases, etc. "This new centrally managed encryption approach within the fabric takes care of all those needs and eliminates the need to manage stand-alone encryption appliances." Hoffman said that "technically, we can keep the keys as long as we need the keys. One of the reasons for this is that customers wanted this [encryption] higher up in the stack, instead of on devices. Half of our survey respondents wanted to see storage encryption take place in right in the SAN." Using this, companies theoretically will be able to encrypt data with a key and then easily be able to find the key and match it up with the data 30, 40 or 50 years later. Hardware Approach Trumps Straight Software "This is basically a Cisco-based technology that is meant to be deployed on a network switch that also uses the RDA encryption key management," Charles King, senior analyst with Pund-IT in Hayward, Calif., told eWEEK. "There are a couple of interesting things about it. Most encryption is software-based, and that tends to slow down the hardware, since youre loading yet another application layer onto it," King said. Whats interesting about this switch-based approach, King said, is that since the application is located in the fabric of the system, it should have very little, if any, impact on the performance of the storage hardware. Users will be able to have their encryption and their performance, too, he said. "The other interesting aspect is that I would expect to see them come out with support for several specific platforms in time," King said. "Theyre aiming for a heterogeneous approach, so that it will be basically hardware platform-agnostic." So if youve got a heterogeneous storage infrastructure, which most companies have, then "this could provide a single encryption technology that can run all across a companys storage infrastructure. You would be able to encrypt IBM disks and tape, HP disks and tape, NetApp, HP—itll be one solution that will work over everything," King said. Check out eWEEK.coms for the latest news, reviews and analysis on enterprise and small business storage hardware and software.
Chris Preimesberger Chris Preimesberger was named Editor-in-Chief of Features & Analysis at eWEEK in November 2011. Previously he served eWEEK as Senior Writer, covering a range of IT sectors that include data center systems, cloud computing, storage, virtualization, green IT, e-discovery and IT governance. His blog, Storage Station, is considered a go-to information source. Chris won a national Folio Award for magazine writing in November 2011 for a cover story on and CEO-founder Marc Benioff, and he has served as a judge for the SIIA Codie Awards since 2005. In previous IT journalism, Chris was a founding editor of both IT Manager's Journal and and was managing editor of Software Development magazine. His diverse resume also includes: sportswriter for the Los Angeles Daily News, covering NCAA and NBA basketball, television critic for the Palo Alto Times Tribune, and Sports Information Director at Stanford University. He has served as a correspondent for The Associated Press, covering Stanford and NCAA tournament basketball, since 1983. He has covered a number of major events, including the 1984 Democratic National Convention, a Presidential press conference at the White House in 1993, the Emmy Awards (three times), two Rose Bowls, the Fiesta Bowl, several NCAA men's and women's basketball tournaments, a Formula One Grand Prix auto race, a heavyweight boxing championship bout (Ali vs. Spinks, 1978), and the 1985 Super Bowl. A 1975 graduate of Pepperdine University in Malibu, Calif., Chris has won more than a dozen regional and national awards for his work. He and his wife, Rebecca, have four children and reside in Redwood City, Calif.Follow on Twitter: editingwhiz

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel