Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

HP Overhauls Storage Security

Vendor prepares encryption switch and tighter integration of compliance and key management

By James Rogers, April 4, 2008, 6:00 PM

HP will overhaul its storage security offerings next week with a souped-up fabric switch, enhanced key management, and an encryption kit for tape libraries and autoloaders.

First up is the C-Series MDS 9222i Storage Media Encryption (SME) switch. “That allows you to encrypt data through any port on the switch,” says Adam Thew, HP’s director of products for nearline products. “It’s basically targeted at legacy tape. This is really for places where they have older environments than LTO 4, where they want to encrypt the data going to virtual tape." He explains that, whereas LTO 4 has native encryption, earlier versions of the technology do not.

”Up until now, if customers had been looking to go to tape level encryption, they have had to upgrade their tape to LTO 4, but this is a solution to avoid that,” says Thew.

HP is not the first vendor to focus its energy on switch fabric encryption. Last year, for example, Cisco teamed up with EMC's RSA division to encrypt data traveling across the network on its family of switches, although users were reluctant to abandon more traditional encryption methods.

HP’s C-Series MDS 9222i is actually OEM’d from Cisco, although Thew told Byte and Switch that the technology can be deployed either as a dedicated switch, the MDS 9222i, or as a blade for HP’s 9000 series switches.

The MDS 9222i encryption switch, plus its software license, is available now, priced at $83,500. The 18/4 encryption blade is also available now, priced at around $50,0000, plus a $27,995 software license.

With HP CEO Mark Hurd looking to boost the vendor’s storage sales, it is hardly surprising that the company is using security to breathe life into this part of its business. As a result, the vendor will also turn its attention to key management and compliance next week.

”We have integrated our Secure Key Manager [device] with our Compliance Log Warehouse [device],” says Thew, referring to the Secure Key Manager device that manages LTO encryption keys and the vendor’s log monitoring appliance. “It’s an API-level integration that we have done that is invisible to the IT administrator.”

With users increasingly looking for better log management, the exec says that it made sense to tie the two products more closely together.

”You can export the logs and the activity information such as when keys are generated, and who authorized them, into the Compliance Log Warehouse,” he says. “This compiles and compresses the information and generates reports in compliance with likes of HIPAA, Sarbanes Oxley, and the EU Data Retention Act.”

Pricing for the Secure Key Manager starts at $100,000, and the Compliance Log Warehouse has a list price of $225,000. Both devices are currently available, although HP says that there is no additional cost for the software client used to open their APIs.

The vendor will also take aim at the smaller environments with a single tape library or autoloader next week with the launch of its StorageWorks Encryption Kit, a memory-stick sized device for storing keys. “It plugs into a USB port on the back of the autoloader or MSL library, and it generates and manages the keys for the encryption process,” says Thew.

The Encryption Kit, which is available in June, priced at $2,500, can handle up to 100 keys, compared to the Secure Key Manager’s 100,000.

”Rule number one of key management is always have two copies,” says Thew, but he admits that the products launched next week will only work with HP kit.

”Today, there is no standard for key management, but we’re actively working on that with other vendors and the Storage Networking Industry Association. I expect that we will have standards to announce in early 2009, and then I think we will see products implementing that standard some time later.”

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Byte and Switch's editors directly, send us a message.

  • Cisco Systems Inc. (Nasdaq: CSCO)
  • EMC Corp. (NYSE: EMC)
  • Hewlett-Packard Co. (NYSE: HPQ)
  • RSA Security Inc. (Nasdaq: EMC)
  • Storage Networking Industry Association (SNIA)

     

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Oldest First  |  Newest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 8/10/2020
    Researcher Finds New Office Macro Attacks for MacOS
    Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
    Lock-Pickers Face an Uncertain Future Online
    Seth Rosenblatt, Contributing Writer,  8/10/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win an Amazon Gift Card! Click Here
    Latest Comment: It's a technique known as breaking out of the sandbox kids.
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Changing Face of Threat Intelligence
    The Changing Face of Threat Intelligence
    This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-24330
    PUBLISHED: 2020-08-13
    An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.
    CVE-2020-24331
    PUBLISHED: 2020-08-13
    An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon).
    CVE-2020-24332
    PUBLISHED: 2020-08-13
    An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack.
    CVE-2020-0261
    PUBLISHED: 2020-08-13
    In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-14605...
    CVE-2020-17498
    PUBLISHED: 2020-08-13
    In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.