Current Threat: Data in cleartext is vulnerable to attacks by curious or malicious insiders, administrators, partners, hackers, contractors, or outsourced service providers. Technologies such as firewalls, Intrusion Prevention Systems (IPS), and Virtual Private Networks (VPN) seek to secure data assets by protecting the perimeter of the network. SAN security features such as LUN Masking and Zoning, as well as NAS security features such as access controls, also attempt to address concerns about security. Unfortunately, these targeted approaches do not adequately secure storage, as data is still stored in cleartext. Encrypting data at rest, on tape and disk, significantly mitigates these threats.
Tomorrow's Technology Today: Decru pioneered the storage security market, introducing the first storage security appliances in 2002. Since then, Decru has gained experience with customers large and small, with the largest deployments spanning 35+ countries. Decru is currently shipping its third generation storage security and key management platforms which incorporate feedback from thousands of installations worldwide. In fact, TheInfoPro research group recently listed Decru as the number 1 vendor Fortune 1000 companies had in-use and in-plan to address storage security.
Decru DataFort® is a reliable, multi-gigabit-speed encryption appliance that integrates transparently into NAS, SAN, DAS and tape backup environments. By locking down stored data with strong encryption, and routing all access through secure hardware, DataFort radically simplifies the security model for networked storage. Lifetime Key Management™ Appliance (LKM Appliance) is Decru's third-generation key management platform, enabling centralized key management for large, distributed encryption environments. LKM Appliance delivers enterprise-class scalability, availability, and security, along with Decru OpenKey™ APIs to support third-party encryption platforms.
MAXIMUM DATA SECURITY
DataFort appliances combine secure access controls, authentication, storage encryption, and secure logging to provide unprecedented protection for sensitive stored data. Because DataFort protects data at rest and in flight with strong encryption, even organizations that outsource IT management can be sure their data assets are secure. In short, DataFort offers a powerful and cost-effective solution to address a broad range of external, internal, and physical threats to sensitive data.
HARDENED ARCHITECTURE: DataFort hardware was designed from the ground up for maximum security. At the heart of the system is Decru's Storage Encryption Processor (SEP) — a robust hardware engine enabling full-duplex, multi-gigabit-speed encryption and key management. Decru's SEP, clustering and key management have passed certification testing for FIPS 140-2 level 3. DataFort's AES-256, SHA-1 and SHA-256 cryptographic implementations have also been certified by the National Institute of Standards and Technology (NIST).
ROBUST ENCRYPTION STANDARDS: Decru DataFort incorporates strong AES-256 encryption, optimized by Decru for protecting stored data. DataFort uses a True Random Number Generator (TRNG) to create keys, and cleartext keys never leave DataFort's secure hardware, offering the highest level of security against attacks.
COMPARTMENTALIZATION: Security administrators can compartmentalize data in shared storage using Cryptainer™ storage vaults. Cryptainer vaults cryptographically partition stored data, and provide an additional layer of threat containment. DataFort also supports the creation of cleartext Cryptainer vaults, which enables administrators to enforce access controls centrally, but leave less sensitive data unencrypted.
LIFETIME KEY MANAGEMENT™: Key management is a critical component of any encryption system, especially for those intended to encrypt data at rest. Enterprise data may be stored for months or years, so encryption keys must be archived securely and recovered transparently when needed, without adding complexity for administrators or users. Decru Lifetime Key Management™ Appliances (LKM) securely automate archiving and recovery of encryption keys across the enterprise, so data is always secure and available, regardless of where or how long it is stored.
AUTHENTICATION AND ACCESS CONTROLS: DataFort provides a powerful, single point of secure access controls and authentication for heterogeneous client and storage environments. DataFort integrates transparently with directory servers such as LDAP, Active Directory and NIS, and adds a layer of hardware-based policy enforcement that prevents common attacks. DataFort also incorporates smart cards to ensure that only authorized DataFort administrators can configure and manage the DataFort. In SAN environments, DataFort can use Host Authentication to further lock down the fabric.
STORAGE VPN: In Ethernet environments, DataFort can secure data in flight from the desktop or server with integrated Storage VPN features. DataFort supports IPsec or SSL with hardware-based acceleration, and WebDAV support enables secure, drag-and-drop access to networked storage for remote users or partners over the Internet.
SECURE LOGGING: Each DataFort keeps a cryptographically signed log of activities. Reports are fully customizable to track relevant events, including failed authentication attempts, Cryptainer access, administrative actions, or intrusion.
CRYPTOSHRED™ KEY DELETION: CryptoShred simplifies the process of permanently deleting data. By deleting an encryption key, all copies of associated data are instantly destroyed, regardless of physical location. CryptoShred provides vital functionality for a range of applications, including regulatory compliance, hardware redeployment or disposal, and protection for data in harm's way.
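The key-deletion principle described above, combined with per-vault keys as in the COMPARTMENTALIZATION paragraph, shown as an added example that is not Decru code. The `KeyStore` class and vault names are hypothetical, and an HMAC-SHA256 counter-mode keystream stands in for AES-256 so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, not AES-256.
    stream = b"".join(_prf(key, nonce + i.to_bytes(8, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class KeyStore:
    """Hypothetical key store: one random 256-bit key per vault."""
    def __init__(self, *vaults: str) -> None:
        self._keys = {v: secrets.token_bytes(32) for v in vaults}

    def shred(self, vault: str) -> None:
        del self._keys[vault]  # the erase touches the key, never the data

    def seal(self, vault: str, plaintext: bytes) -> bytes:
        key, nonce = self._keys[vault], secrets.token_bytes(16)
        body = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
        return nonce + body + _prf(_prf(key, b"mac"), nonce + body)

    def open(self, vault: str, blob: bytes) -> bytes:
        key = self._keys[vault]  # raises KeyError once the vault is shredded
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + body)):
            raise ValueError("integrity check failed")
        return _xor_stream(_prf(key, b"enc"), nonce, body)

def demo():
    store = KeyStore("finance", "hr")
    record = b"constructed sample record"
    blob = store.seal("finance", record)
    copies = [blob, bytes(blob), bytes(blob)]  # primary, replica, tape copy
    hr_blob = store.seal("hr", b"constructed hr record")
    readable_before = all(store.open("finance", c) == record for c in copies)
    store.shred("finance")
    lost = 0
    for c in copies:
        try:
            store.open("finance", c)
        except KeyError:
            lost += 1
    return readable_before, lost, store.open("hr", hr_blob)
```

The erase is only as complete as the key deletion: any archived or escrowed copy of the key has to be destroyed as well before the data is unrecoverable.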
Decru products have been validated for interoperability with a broad range of storage environments and vendors. Decru offers the only platform to secure data in all major storage infrastructures, from file-based data in NAS or file servers, to block-based data in IP-SAN, FC-SAN, and tape backup environments, without requiring client software or forklift upgrades to existing equipment. Some competing solutions require different hardware architectures depending on whether data is destined for disk or for tape, and may not support key management across all platforms.
Many companies need to lock down data in remote locations, but may not have local staff trained to manage secure data. With Decru Management Console and SecureView™ management framework, companies can monitor and manage their global security infrastructure from a single pane of glass.
Decru solutions have been validated for compliance with FIPS 140-2, level 3, and are also in process for Common Criteria, with a security target of EAL 4+.
Conclusion: Decru appliance-based storage security solutions enable enterprise-wide secure data management, and address critical business requirements including privacy, regulatory compliance, and intellectual property protection. Decru DataFort® is a reliable, multi-gigabit-speed encryption appliance that integrates transparently into NAS, SAN, DAS and tape backup environments.
Decru
275 Shoreline Drive, Fourth Floor
Redwood City, CA 94065
Tel: 1-650-413-6700