By Henry Baltazar  |  Posted 2005-08-15

Ingrian Networks Inc.'s Ingrian i321 DataSecure Appliance provides powerful application-level encryption to protect critical business data. With the seemingly constant introduction of stringent regulations calling IT managers into action, a large number of solutions are entering the market designed to fit specific needs. Application-level encryption devices such as the i321 DataSecure Appliance are not designed to encrypt entire file systems and volumes, as do competing products from Decru Inc. and NeoScale Systems Inc., but are designed instead to provide extremely focused security that discourages internal attacks.

The security provided by the i321 DataSecure Appliance can help IT managers attain compliance with regulations in a wide range of areas, including health care (Health Insurance Portability and Accountability Act), retail (Visa USA Inc.'s Cardholder Information Security Program) and consumer privacy laws (such as the California Security Breach Information Act).

The i321 DataSecure Appliance, which is 2U (3.5 inches) in size, has 2GB of RAM and is powered by twin Intel Corp. Xeon 2.8GHz processors. Dual power supplies and fans provide redundancy to keep the appliance resilient. The device's chassis has FIPS (Federal Information Processing Standards) 140-2 Level 3 compliance, which makes it resistant to physical tampering.

It is possible to attain similar functionality by implementing encryption technology in databases such as Oracle Corp.'s Oracle 10g, but because the i321 appliance itself performs the encryption processing, it preserves database server CPU cycles. In addition, unlike non-application-level encryption solutions, the DataSecure appliances, which manage their own keys, provide strong protection even if an intruder gets access to a database server.

With a starting price of $32,500, the cost of a DataSecure appliance is not trivial. And because the i321 can potentially become a single point of failure, we recommend IT managers start with a pair of appliances. Ingrian officials said they are working on lower-price appliances that will be deployable to multiple sites—a good idea, eWEEK Labs believes, for retail environments.

IT managers should keep in mind that the introduction of encryption/decryption into the data stream will create latency, which means managers need to prioritize the data fields they want to encrypt in their databases. During tests, for example, eWEEK Labs encrypted specific customer fields in a Microsoft Corp. SQL Server database.

However, with its ability to process as many as 12,000 secure cryptographic operations per second, the i321 DataSecure Appliance should be powerful enough so that most SMBs (small and midsize businesses) won't notice a performance difference. For larger businesses and for organizations that are transaction-intensive, multiple DataSecure appliances can be clustered.

Introduced in a software update for all DataSecure appliances is a bulk-loading feature that lets the devices quickly encrypt or decrypt large amounts of data. Unlike standard encryption, which waits for confirmation for each encrypt operation before going to the next, the bulk loader runs asynchronously.

Using the bulk loader, we encrypted 5 million credit card numbers in our database in a matter of minutes.

To implement the i321 DataSecure Appliance, software needs to be installed on the database server. Once the connector is installed, the appliance can encrypt select columns using encryption algorithms, including AES (Advanced Encryption Standard), Triple DES (Data Encryption Standard) and RSA Security Inc.'s RSA.

Although the i321 DataSecure Appliance was fairly easy to install and manage in our small test network, we strongly suggest that IT managers budget time for analyzing their business processes so they can effectively tailor encryption and access controls. Unlike storage and file-system-level encryption products, which are transparent to applications, the i321 DataSecure Appliance cannot be deployed quickly without the help of database administrators and application developers.

Performance testing and interoperability testing time must also be budgeted before rolling out application-level encryption solutions such as the i321 DataSecure Appliance.

