Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

HP Overhauls Storage Security

Vendor prepares encryption switch and tighter integration of compliance and key management

By James Rogers, April 4, 2008, 6:00 PM

HP will overhaul its storage security offerings next week with a souped-up fabric switch, enhanced key management, and an encryption kit for tape libraries and autoloaders.

First up is the C-Series MDS 9222i Storage Media Encryption (SME) switch. “That allows you to encrypt data through any port on the switch,” says Adam Thew, HP’s director of products for nearline products. “It’s basically targeted at legacy tape. This is really for places where they have older environments than LTO 4, where they want to encrypt the data going to virtual tape." He explains that, whereas LTO 4 has native encryption, earlier versions of the technology do not.

”Up until now, if customers had been looking to go to tape level encryption, they have had to upgrade their tape to LTO 4, but this is a solution to avoid that,” says Thew.

HP is not the first vendor to focus its energy on switch fabric encryption. Last year, for example, Cisco teamed up with EMC's RSA division to encrypt data traveling across the network on its family of switches, although users were reluctant to abandon more traditional encryption methods.

HP’s C-Series MDS 9222i is actually OEM’d from Cisco, although Thew told Byte and Switch that the technology can be deployed either as a dedicated switch, the MDS 9222i, or as a blade for HP’s 9000 series switches.

The MDS 9222i encryption switch, plus its software license, is available now, priced at $83,500. The 18/4 encryption blade is also available now, priced at around $50,0000, plus a $27,995 software license.

With HP CEO Mark Hurd looking to boost the vendor’s storage sales, it is hardly surprising that the company is using security to breathe life into this part of its business. As a result, the vendor will also turn its attention to key management and compliance next week.

”We have integrated our Secure Key Manager [device] with our Compliance Log Warehouse [device],” says Thew, referring to the Secure Key Manager device that manages LTO encryption keys and the vendor’s log monitoring appliance. “It’s an API-level integration that we have done that is invisible to the IT administrator.”

With users increasingly looking for better log management, the exec says that it made sense to tie the two products more closely together.

”You can export the logs and the activity information such as when keys are generated, and who authorized them, into the Compliance Log Warehouse,” he says. “This compiles and compresses the information and generates reports in compliance with likes of HIPAA, Sarbanes Oxley, and the EU Data Retention Act.”

Pricing for the Secure Key Manager starts at $100,000, and the Compliance Log Warehouse has a list price of $225,000. Both devices are currently available, although HP says that there is no additional cost for the software client used to open their APIs.

The vendor will also take aim at the smaller environments with a single tape library or autoloader next week with the launch of its StorageWorks Encryption Kit, a memory-stick sized device for storing keys. “It plugs into a USB port on the back of the autoloader or MSL library, and it generates and manages the keys for the encryption process,” says Thew.

The Encryption Kit, which is available in June, priced at $2,500, can handle up to 100 keys, compared to the Secure Key Manager’s 100,000.

”Rule number one of key management is always have two copies,” says Thew, but he admits that the products launched next week will only work with HP kit.

”Today, there is no standard for key management, but we’re actively working on that with other vendors and the Storage Networking Industry Association. I expect that we will have standards to announce in early 2009, and then I think we will see products implementing that standard some time later.”

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Byte and Switch's editors directly, send us a message.

  • Cisco Systems Inc. (Nasdaq: CSCO)
  • EMC Corp. (NYSE: EMC)
  • Hewlett-Packard Co. (NYSE: HPQ)
  • RSA Security Inc. (Nasdaq: EMC)
  • Storage Networking Industry Association (SNIA)

     

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/14/2020
    Omdia Research Launches Page on Dark Reading
    Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
    Why Cybersecurity's Silence Matters to Black Lives
    Tiffany Ricks, CEO, HacWare,  7/8/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-11083
    PUBLISHED: 2020-07-14
    In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of...
    CVE-2020-5246
    PUBLISHED: 2020-07-14
    Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances with L...
    CVE-2019-12773
    PUBLISHED: 2020-07-14
    An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product ...
    CVE-2019-12783
    PUBLISHED: 2020-07-14
    An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the targe...
    CVE-2019-12784
    PUBLISHED: 2020-07-14
    An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess an...