Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Hardware Eases Encryption Equation

Financial services firms shun software in search of big savings, speedy encryption

Could encryption devices open the door to massive savings and faster backups? For financial firms Regulus Group and J.B. Hanauer, which recently chose hardware over software encryption, the answer is yes, although challenges remain where key management's concerned.

Napa, Calif.-based Regulus Group hopes to reap the financial benefits of a major security overhaul at its primary data center and a backup site in Charlotte, N.C. Back in March, the bill presentment specialist deployed 10 Decru DataFort-FC devices in an attempt to save money and streamline its infrastructure.

Previously, the firm, which has around 80 Tbytes of data on IBM SANs and tape libraries, was using more than 70 different software applications to encrypt data. "Key management on that type of thing was a nightmare," says Christian Philips, Regulus' chief security officer. "By going with a hardware solution, we were able to circumvent that whole morass of infrastructure."

The fact that the bulk of these software applications were custom built simply added to Philips' stress levels. "We had three people that just did the key management," he says.

With the DataForts, though, the exec expects some big annual savings in software development, licensing, and maintenance. "In an organization like ours, which is a heavy user of encryption, it's in the millions of dollars," explains Philips, estimating total savings of $1.5 million a year.

A big chunk of that savings is derived from about a dozen "store bought" software tools that cost around $300,000 a year in licensing fees alone.

He would not reveal how much Regulus spent with the Decru; pricing for Decru's FC-Series appliances begins at $25,000, although the vendor's SCSI version, the S-Series, is priced slightly cheaper at $15,000.

Crypto Acceleration
For Parsipanny, N.J.-based brokerage firm J.B. Hanauer, the shift to hardware encryption had more to do with time than money. Eric Latalladi, the company's CTO, told Byte and Switch that he deployed a CryptoStor appliance from NeoScale a year ago in an effort to speed up his encryption process.

Previously, Latalladi and his team used software from Legato to encrypt around 1 Tbyte of data held on ADIC libraries at his Garden State data center. "Software encryption is generally slow," he says, explaining that data bits have to be transferred between the hardware and the software and back again.

By using the CryptoStor appliance, though, Latalladi has speeded up his backups. "We have a maximum six-hour backup window and we were at capacity doing software-based encryption," he says, adding that backups can now be completed in around five hours and 15 minutes.

That said, financial considerations did play some part in Latalladi's buying decision. The exec looked at a number of different vendors, including Decru, before spending around $20,000 on his CryptoStor appliance. "I remember Decru being more expensive," he explains.

Conversely, Regulus' Philips looked at NeoScale before he deployed his Decru devices. "NeoScale lost out for a number of reasons," he explains, explaining that ease of installation was a big factor in his decision to deploy the DataForts.

For Latalladi, though, this was not a burning issue. "Ease of installation was not at the top of my priority list -- it should be senior level administrators deploying this," he says.

The exec admits, nonetheless, that he wants NeoScale to build on its decision to open up its key management APIs to other vendors. (See What's the Key to Excellent Encryption?, NeoScale Centralizes Management, and Multivendor Management Locked Up.) "I would like to see more of this type of thing from an industry perspective," he says. "At the moment, we're small enough for me to be able to throw my arms around the key management issue."

Last year NeoScale was the first encryption vendor to make a move in this space, opening up its APIs to Symantec, Entrust, and Optica in order to allay users' key management issues. (See All Keyed Up With NeoScale.) NeoScale told Byte and Switch that the first products based on this initiative will be available in the first half of this year.

— James Rogers, Senior Editor, Byte and Switch

  • Advanced Digital Information Corp. (Nasdaq: ADIC)
  • Decru Inc.
  • Entrust Inc.
  • IBM Corp. (NYSE: IBM)
  • EMC Legato
  • NeoScale Systems Inc.
  • Optica Technologies Inc.
  • Symantec Corp. (Nasdaq: SYMC)

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 10/30/2020
    'Act of War' Clause Could Nix Cyber Insurance Payouts
    Robert Lemos, Contributing Writer,  10/29/2020
    6 Ways Passwords Fail Basic Security Tests
    Curtis Franklin Jr., Senior Editor at Dark Reading,  10/28/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    How to Measure and Reduce Cybersecurity Risk in Your Organization
    In this Tech Digest, we examine the difficult practice of measuring cyber-risk that has long been an elusive target for enterprises. Download it today!
    Flash Poll
    How IT Security Organizations are Attacking the Cybersecurity Problem
    How IT Security Organizations are Attacking the Cybersecurity Problem
    The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-15703
    PUBLISHED: 2020-10-31
    There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivile...
    CVE-2020-5991
    PUBLISHED: 2020-10-30
    NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.
    CVE-2020-15273
    PUBLISHED: 2020-10-30
    baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can ac...
    CVE-2020-15276
    PUBLISHED: 2020-10-30
    baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.
    CVE-2020-15277
    PUBLISHED: 2020-10-30
    baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.