IBM is making a play in the hardware encryption market with a new tool for securing server hard drives.
The IBM System x ServeRAID-MR10is Vault adapter tool is a RAID controller with a built-in crypto-engine that encrypts data written to hard drives. IBM is aiming the product specifically at small and midsize businesses, which typically have less in the way of security resources.
"Few SMB organizations have dedicated security personnel or the budget to purchase expensive, specialized security appliances," said David Rasmussen, director of IBM's high-volume System x business. "They also tend to make more frequent use of ... contractors, temporary employees and non-IT employees, who come and go based on the needs of the moment to do things such as implement a particular IT or business-side project. The result is that lots of people, both employees and others, have physical access to SMB systems."
Talk about the tool comes on the heels of announcements from IBM about a slew of new and upgraded products and services as part of the company's data storage strategy. Officials at IBM hope the Vault adapter will give them a head start against competitors in the encryption and storage space.
The controller supports two modes of operation, authenticated and unauthenticated. In Authenticated Mode, the "security key" used during the initial setup process to enable encryption is encrypted with a key derived from a pass phrase provided by the user. Every time the server is booted, the user enters the pass phrase to enable access to the drive. If a disk is stolen, however, the pass phrase alone won't decrypt it-the security key, which stays resident on the controller, is also needed to recover the data.
The Unauthenticated Mode mainly protects data when an individual drive is taken. If a drive is physically removed from the server, the data on it is fully encrypted with the security key and it remains safe from unauthorized release, IBM officials said.
"A client would opt to do this for convenience-the system can be brought up without an operator having to enter a pass phrase to gain access to the secured data," Rasmussen said. "The downside is that if someone steals the entire server, including the controller and the disk drives, they can get at the data by simply powering up the server."
The tool also lowers the cost of drive disposal, and can help organizations avoid the types of issues that arose when a computer was sold on eBay in August with unencrypted consumer data still on the drive, Rasmussen said. Since it is hardware-based, it does not affect server performance the way software-based encryption would, he added.
"This fills a gap left by software encryption solutions, providing better encryption security and performance," argued Rasmussen. "The new tool provides more robust protection against theft of sensitive data on hard drives-whether they be in an unsecured physical environment, vulnerable to insider tampering or stolen-than has been available previously."