New Readers

 Home News and World Report Buyers Guide Global Excellence Technology Case Studies Editorial Awards About Info Security
2008 Best Deployment Scenario

Simplify encryption and key mangement for your entire enterprise



Keeping intellectual property and personal information secure is a big responsibility. As the storage consolidation trend escalates, more and more data is put at risk during a single breach. Regulations regarding data integrity and data privacy impose high costs when companies fail to protect data. Encrypting data at rest, on tape and disk, significantly mitigate these threats. Additionally, managing encryption keys for encrypted data that will be stored for many years can be a complex undertaking. You must guarantee encryption keys are secure, yet you must make them available upon a moment’s notice to restore data.

Info Security Products Guide
this article
COMPARE and print reports
RATE products

Tomorrow's Technology Today - Encryption


NetApp pioneered the storage security market, introducing the first storage security appliances in 2002. Since then, NetApp has gained experience with customers large and small, with the largest deployments spanning 35+ countries. NetApp is currently shipping its third generation storage security and key management platforms which incorporate feedback from thousands of installations worldwide. In fact, TheInfoPro research group recently listed NetApp as the number 1 vendor Fortune 1000 companies had in-use and in-plan to address storage security.

NetApp® DataFort is a reliable, multi-gigabit-speed encryption appliance that integrates transparently into NAS, SAN, DAS and tape backup environments. By locking down stored data with strong encryption, and routing all access through secure hardware, DataFort radically simplifies the security model for networked storage. NetApp Lifetime Key Management™ Appliance (LKM Appliance) is NetApp’s third generation key management platform, enabling centralized key management for large, distributed encryption environments. Lifetime Key Management Appliance delivers enterprise-class scalability, availability, and security, along with NetApp OpenKey™ API's to support third-party encryption platforms.

DataFort appliances combine secure access controls, authentication, storage encryption, and secure logging to provide unprecedented protection for sensitive stored data. Because DataFort appliances protect data at rest and in flight with strong encryption, even organizations that outsource IT management can be sure their data assets are secure. In short, DataFort appliances offer a powerful and cost-effective solution to address a broad range of external, internal, and physical threats to sensitive data.

HARDENED ARCHITECTURE: DataFort hardware was designed from the ground up for maximum security. At the heart of the system is NetApp’s Storage Encryption Processor (SEP) — a robust hardware engine enabling full-duplex, multi-gigabit-speed encryption and key management. NetApp’s SEP, clustering and key management have passed certification testing for FIPS 140-2 level 3. DataFort's AES-256, SHA-1 and SHA-256 encryption implementations have also been certified by the National Institute for Standards and Technology (NIST).

The DataFort appliances incorporate strong AES-256 encryption. DataFort appliances use a True Random Number Generator (TRNG) to create keys, and cleartext keys never leave DataFort's secure hardware, offering the highest level of security against attacks.

COMPARTMENTALIZATION: Security administrators can compartmentalize data in shared storage using Cryptainer™ storage vaults. Cryptainer vaults cryptographically partition stored data, and provide an additional layer of threat containment. DataFort also supports the creation of cleartext Cryptainer vaults, which enables administrators to enforce access controls centrally, but leave less sensitive data unencrypted.

LIFETIME KEY MANAGEMENT™: Key management is a critical component of any encryption system, especially for those intended to encrypt data at rest. Enterprise data may be stored for months or years, so encryption keys must be archived securely and recovered transparently when needed, without adding complexity for administrators or users. NetApp Lifetime Key Management™ Appliances securely automate archiving and recovery of encryption keys across the enterprise, so data is always secure and available, regardless of where or how long it is stored.

AUTHENTICATION AND ACCESS CONTROLS: DataFort appliances provide a powerful, single point of secure access controls and authentication for heterogeneous client and storage environments. DataFort appliances integrate transparently with directory servers such as LDAP, Active Directory and NIS, and add a layer of hardware-based policy enforcement that prevents common attacks. DataFort appliances also incorporate smart cards to ensure that only authorized DataFort administrators can configure and manage the DataFort. In SAN environments, DataFort appliances can use Host Authentication to further lock down the fabric.

STORAGE VPN: In Ethernet environments, DataFort appliances can secure data in flight from the desktop or server with integrated Storage VPN features. DataFort appliances support IPsec or SSL with hardware-based acceleration, and WebDAV support enables secure, drag-and-drop access to networked storage for remote users or partners over the Internet.

SECURE LOGGING: Each DataFort appliance keeps a cryptographically signed log of activities. Reports are fully customizable to track relevant events, including failed authentication attempts, Cryptainer access, administrative actions, or intrusion.

CryptoShred simplifies the process of permanently deleting data. By deleting an encryption key, all copies of associated data are instantly destroyed, regardless of physical location. CryptoShred provides vital functionality for a range of applications, including regulatory compliance, hardware redeployment or disposal, and protection for data in harm's way.

NetApp’s storage security products have been validated for interoperability with a broad range of storage environments and vendors. NetApp offers the only platform to secure data in all major storage and infrastructures, from file-based data in NAS or file servers, to block-based data in IP-SAN, FC-SAN, and tape backup environments, without requiring client software or forklift upgrades to existing equipment. Some competing solutions require different hardware architectures depending on whether data is destined for disk or for tape, and may not support key management across all platforms.

Many companies need to lock down data in remote locations, but may not have local staff trained to manage secure data. With our Management Console and SecureView™ management framework, companies can monitor and manage their global security infrastructure from a single pane of glass.

NetApp’s storage security solutions have been validated for compliance with FIPS 140-2, level 3, and are also in process for Common Criteria, with a security target of EAL 4+.

Conclusion: NetApp’s appliance-based storage security solutions enable enterprise-wide secure data management, and address critical business requirements including privacy, regulatory compliance, and intellectual property protection. NetApp’s Lifetime Key Management Appliances securely automate key management across enterprises, so your data is always secure and available, regardless of where or how long it’s stored.

275 Shoreline Drive, Fourth Floor
Redwood City, CA 94065
Tel: +1 650-413-6700