IBM announces the release of a hardware-based encryption tool designed to help SMBs protect data. The IBM System x ServeRAID-MR10is Vault adapter tool works with a number of IBM System x servers. The announcement fits in with IBM's push around data storage products and services.
IBM is making a play in the hardware
encryption market with a new tool for securing server hard drives.
The IBM System x ServeRAID-MR10is Vault
adapter tool is a RAID controller with a built-in crypto-engine that encrypts
data written to hard drives. IBM is aiming
the product specifically at small and midsize businesses, which typically
have less in the way of security resources.
"Few SMB organizations have dedicated security personnel or the budget
to purchase expensive, specialized security appliances," said David
Rasmussen, director of IBM's high-volume
System x business. "They also tend to make more frequent use of ... contractors,
temporary employees and non-IT employees, who come and go based on the needs of
the moment to do things such as implement a particular IT or business-side
project. The result is that lots of people, both employees and others, have
physical access to SMB systems."
Talk about the tool comes on the heels
of announcements from IBM
about a slew of new and upgraded products and
services as part of the company's data storage strategy. Officials at IBM
hope the Vault adapter will give them a head start against competitors in the
encryption and storage space.
The controller supports two modes of operation, authenticated and
unauthenticated. In Authenticated Mode, the "security key" used
during the initial setup process to enable encryption is encrypted with a
key derived from a pass phrase provided by the user. Every time the server is
booted, the user enters the pass phrase to enable access to the drive. If a
disk is stolen, however, the pass phrase alone won't decrypt it-the security
key, which stays resident on the controller, is also needed to recover the
The Unauthenticated Mode mainly protects data when an individual drive is
taken. If a drive is physically removed from the server, the data on it is
fully encrypted with the security key and it remains safe from unauthorized
release, IBM officials said.
"A client would opt to do this for convenience-the system can be
brought up without an operator having to enter a pass phrase to gain access to
the secured data," Rasmussen said. "The downside is that if someone
steals the entire server, including the controller and the disk drives, they
can get at the data by simply powering up the server."
The tool also lowers the cost of drive disposal, and can help
organizations avoid the types of issues that arose when a computer
was sold on eBay in August with unencrypted consumer data still on the
drive, Rasmussen said. Since it is hardware-based, it does not affect server
performance the way software-based encryption would, he added.
"This fills a gap left by software encryption
solutions, providing better encryption security and performance," argued
Rasmussen. "The new tool provides more robust protection against theft of
sensitive data on hard drives-whether they be in an unsecured physical
environment, vulnerable to insider tampering or stolen-than has been available