ORLANDO, Fla.—Cisco Systems and EMC’s RSA security division introduced May 23 an extension of their partnership that entails development of encryption for spinning disk or tape storage at the network level.
The two companies will combine Cisco’s Storage Media Encryption, which provides encryption of stored data as a fabricwide service, and RSA’s Key Manager, which is a centralized manager of encryption keys and authentication.
The result will be a systemwide capability to encrypt both data and complete disks as required by company policies. It could be used for encrypting such confidential information as medical records, Social Security and credit card information, and government data, for example.
“One of the main reasons we [EMC] acquired RSA [in 2006] was for their encryption key management expertise,” EMC Vice President Dave Donatelli told eWEEK.
This new, as yet unnamed product—expected to be made generally available in the second half of 2007—also will manage the encryption keys within the SAN (storage area network) and make the process more secure and easier to manage, said Dennis Hoffman, vice president and general manager for data security at RSA.
“Key management often defaults to key storage,” Hoffman told a group of journalists and analysts here at the EMC World 2007 conference at the Orange County Convention Center.
“Management of the keys becomes tantamount to management of the data itself,” Hoffman said. “[Encryption] keys have their own life cycle. Encryption wants to take place at various points in the fabric, based on the business processes to be solved. It wants to take place in the customer-facing apps, the server, the storage tiers, databases, etc.
“This new centrally managed encryption approach within the fabric takes care of all those needs and eliminates the need to manage stand-alone encryption appliances.”
Hoffman said that “technically, we can keep the keys as long as we need the keys. One of the reasons for this is that customers wanted this [encryption] higher up in the stack, instead of on devices. Half of our survey respondents wanted to see storage encryption take place right in the SAN.”
Using this, companies theoretically will be able to encrypt data with a key and then easily be able to find the key and match it up with the data 30, 40 or 50 years later.
Hardware Approach Trumps Straight Software
“This is basically a Cisco-based technology that is meant to be deployed on a network switch that also uses the RSA encryption key management,” Charles King, senior analyst with Pund-IT in Hayward, Calif., told eWEEK.
“There are a couple of interesting things about it. Most encryption is software-based, and that tends to slow down the hardware, since you’re loading yet another application layer onto it,” King said.
What’s interesting about this switch-based approach, King said, is that since the application is located in the fabric of the system, it should have very little, if any, impact on the performance of the storage hardware. Users will be able to have their encryption and their performance, too, he said.
“The other interesting aspect is that I would expect to see them come out with support for several specific platforms in time,” King said. “They’re aiming for a heterogeneous approach, so that it will be basically hardware platform-agnostic.”
So if you’ve got a heterogeneous storage infrastructure, which most companies have, then “this could provide a single encryption technology that can run all across a company’s storage infrastructure. You would be able to encrypt IBM disks and tape, HP disks and tape, NetApp, HP—it’ll be one solution that will work over everything,” King said.