Data Encryption: Hardware & Software Security: Online …

Data can be encrypted two ways: at rest and in transit.

Please note: employing these two types of encryption safeguards must occur in tandem; it's not automatic. Data encrypted at rest does not guarantee it remains encrypted as it traverses a network. Conversely, data encrypted "over the wire" does not offer any safeguard that the content remains encrypted after it has reached its destination.

Data at rest refers to data stored in a database, on a disk, or on some other form of media.

Note: Indiana law recognizes the value of disk encryption such that a lost/stolen laptop or storage media is not considered a breach if that media was encrypted (and the encryption key was not available with the device).

Data in transit refers to data that is encrypted as it traverses a network, including via web applications, smartphone apps, chats, etc. In-transit basically refers to the point at which the data leaves the storage drive or database until it's re-saved or delivered to its destination. Protecting information in transit essentially ensures protection from others attempting to snoop or eavesdrop on information as it traverses the network.

Symmetric key algorithms use related, often identical keys to both encrypt and then decrypt information. In practice, this is known mostly as a shared secret between two or more parties.

Asymmetric key algorithms, however, use different keys to encrypt and decrypt information; one key encrypts (or locks) while the other decrypts (or unlocks). In practice, this is known mostly as a public/private key; the public key can be shared openly, the private key should not. In most cryptographic systems, it is extremely difficult to determine the private key values based on the public key.

Read the original:
Data Encryption: Hardware & Software Security: Online ...

Encryption Substitutes | Privacy | Encryption

National Security, Technology, and Law

A HOOVER INSTITUTION ESSAY

ENCRYPTION SUBSTITUTES

ANDREW KEANE WOODS

Aegis Paper Series No. 1705

Introduction

Policy experts have suggested that the rise of encrypted data is not the end of intelligence collection because law enforcement can look to substitutes (other sources of intelligence, such as metadata) that prove to be just as valuable or more valuable than decrypting encrypted data.[1] This paper focuses on the other side of that insight: on the substitutes available for privacy-seekers beyond encryption, such as placing one's data in a jurisdiction that is beyond the reach of law enforcement. This framework puts encryption in context: there are many ways to keep one's data private, just as there are many ways that the government might get access to that data. While encryption is typically treated as a stand-alone computer security issue, it is a piece of a larger debate about government access to personal data.[2]

Law enforcement officials are, in general, agnostic about the method through which they obtain evidence; what matters is obtaining it. Privacy-seekers are similarly agnostic about how they secure their privacy; what matters is having it. This means that policymakers have a wide set of options, not only about whether to allow law enforcement to access personal data, but also how to do so. This wide set of options is not reflected in the debate over encryption, which is typically framed in all-or-nothing terms. Some privacy advocates take a stance that seems to allow no room for compromise (an argument that can be boiled down to "it's math!"[3]) and some government actors do the same (essentially arguing, "it's terrorism!"[4]). Widening the scope of the policy discussion to include related issues (what I will call encryption substitutes) may increase the chances of compromise and may generate better policy.

In this short essay, I make a few simple assumptions that bear mentioning at the outset. First, I assume that governments have good and legitimate reasons for getting access to personal data. These include things like controlling crime, fighting terrorism, and regulating territorial borders. Second, I assume that people have a right to expect privacy in their personal data. Therefore, policymakers should seek to satisfy both law enforcement and privacy concerns without unduly burdening one or the other. Of course, much of the debate over government access to data is about how to respect

Read the rest here:
Encryption Substitutes | Privacy | Encryption

How To Enable BitLocker Drive Encryption In Windows 10?


This tutorial details how to enable BitLocker drive encryption in Windows 10. One of Windows' most important security features, BitLocker drive encryption protects your important data by encrypting the entire disk volumes it is stored on. It uses a specialized Encrypting File System to achieve this. As the latest and greatest version of Microsoft's line of operating systems, Windows 10 features an improved version of BitLocker, with enhanced data encryption abilities. You can easily enable BitLocker drive encryption for some (or all) of your disk drive partitions, using Windows 10. The encrypted partitions (and the data stored on them) are secured against all kinds of data loss and threats. Let's dig in deeper, and see how you can enable BitLocker drive encryption in Windows 10.

The detailed explanation of what BitLocker is is pretty complicated, and the way it works is involved enough to warrant another article. However, at a basic level, BitLocker can be explained as a built-in encryption feature of Windows that secures your data against all kinds of threats by encrypting the entire disk volumes it is stored on. It uses the AES-256 encryption algorithm in Cipher Block Chaining (CBC) mode to do this. This, combined with an Encrypting File System (EFS) and a dedicated Trusted Platform Module (TPM) chip, provides your valuable digital data some really high quality protection.

Although the way BitLocker works is pretty complicated, enabling it to secure your data in Windows 10 is a walk in the park. The whole process is really simple, easy and takes a few clicks. Here's how to enable BitLocker drive encryption in Windows 10:

Step 1: Open up Control Panel, and select BitLocker Drive Encryption. You should see the following drive selection screen

As illustrated by the above screenshot, you can select the drive partition whose contents you want to encrypt with BitLocker Drive Encryption. Click the Turn on BitLocker option against the desired drive partition to proceed to the next step.

Step 2: Once the selected drive is initialized, you are required to specify a password for locking/unlocking the drive. As is always recommended for passwords, choose a password having a combination of upper and lower case alphabets, numbers, and special symbols. Once done, hit Next.

Step 3: The encryption wizard will now automatically create a digital recovery key that can be used to restore access to the encrypted drive, should you forget the password. The wizard also presents you with multiple options for saving the recovery key. You can save it to your Microsoft account, a file, a USB drive, or even take a printout of it.

Step 4: As a last step, the encryption wizard will ask you to choose the encryption method. You can either choose to encrypt the used disk space (faster), or the entire drive (slower, but better). After selecting the appropriate option, hit Next to start the encryption process.

That's it! Windows will now encrypt the contents of the selected disk partition using BitLocker drive encryption. Based on the disk space selected for encryption and the volume of data it holds, this process might take a while. Easy, right?


BitLocker drive encryption is a pretty advanced and useful feature of Windows, and with the latest Windows 10, it's better than ever. The fact that you can encrypt the contents of entire volumes makes it highly usable, especially for those who have to carry large volumes of sensitive digital information from one system to another. And with the easy encryption wizard, enabling BitLocker drive encryption in Windows 10 is as easy as it can be. This is one feature you should definitely check out in Windows 10; you'll love it!

Originally posted here:
How To Enable BitLocker Drive Encryption In Windows 10?

Encryption Software Market, Size, Trends and Forecast 2020


Go here to see the original:
Encryption Software Market, Size, Trends and Forecast 2020

encryption – How to encrypt String in Java – Stack Overflow

This is the first page that shows up via Google, and the security vulnerabilities in all the implementations make me cringe, so I'm posting this to add information regarding encryption for others, as it has been 7 years from the original post. I hold a Masters Degree in Computer Engineering and spent a lot of time studying and learning Cryptography, so I'm throwing my 2 cents in to make the internet a safer place.

Also, do note that a lot of implementations might be secure for a given situation, but why use those and potentially accidentally make a mistake? Use the strongest tools you have available unless you have a specific reason not to. Overall I highly advise using a library and staying away from the nitty gritty details if you can. I recommend Jasypt.

I will outline the basics of secure symmetric cryptography below and point out common mistakes I see online.

First thing first you need to pick a symmetric key Block Cipher. A Block Cipher is a tool used to create Pseudo-Randomness. Make sure to NEVER, I repeat NEVER use DES, I would even say NEVER use 3DES. The only Block Cipher that even Snowden's NSA release was able to verify being truly as close to Pseudo-Random as possible is AES 256.

Now let's talk about encryption modes. Never use ECB; this is bad at hiding repeating data, as shown by the famous Linux penguin.

When implementing in Java note that if you use the following code, ECB mode is set by default:

... AVOID THIS! Which is seen in a lot of examples online.

If you have no idea what you are doing I would strictly stick to GCM, and as said before, if you really have no idea just use Jasypt. The only other modes that I would even mention are decent as well are CBC and CTR mode, but unlike GCM an attacker could modify the encrypted message in these modes and that is why they are not entirely secure.

So in the typical java implementation this is the setup you want:

GCM is built upon CTR mode and doesn't require padding, but if for whatever reason you choose to use, for example, CBC mode, do so with PKCS7Padding as follows:

Another very important note is that when it comes to cryptography, a Key and a Password are not the same things. A Key in cryptography needs to have a certain amount of entropy and randomness to be considered secure. This is why you need to make sure to use the cryptography library's key generating algorithm to pick a key.

Along with a Key we also have a thing called an IV. While a key is a secret and you should only share it with people you want to be able to decrypt the message, the IV is public. It's used to make sure that if you encrypt two messages that are the same, the encryption looks different. Now what most people are not aware of is that IVs cannot repeat for the same key. The moment you repeat an IV in modes like GCM, CBC, CTR you actually compromise the entire security of the system. This is why you need to make sure first that your IV is not static and that you are using the proper cryptography library to generate a random IV with a really low probability of accidentally creating two of the same.

I have by now hopefully gone through all other posts and edited them to take out vulnerabilities. But to make your life easy with Jasypt here is how you use it!

Gradle

Setup

Encryption

Decryption

For more security use the StrongTextEncryptor util class provided below but it is slower. (you may need to download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files to use it):

Setup

Encryption

Decryption

Isn't this just so much cleaner? 🙂

Note that when using Jasypt you don't have to worry about the key being truly random as discussed above; just use a strong password, and their library converts your strong password into a proper crypto key. But remember, a weak password is still a weak password.

Android Developers

One important point to point out here is that your Android code is reverse-engineerable. That means if you store the password in plain text in your code, a hacker can easily retrieve it. Usually for this type of encryption you want to use Asymmetric Cryptography and so on. This is outside the scope of this post so I will avoid diving into it.

An interesting reading from 2013: points out that 88% of crypto implementations in Android were done improperly, and this is really the basis of me coming here and ranting so much.

More:
encryption - How to encrypt String in Java - Stack Overflow

Privacy is your right! Here’s everything about encrypted WhatsApp messages, Apple devices and emails – Economic Times

Now that we can agree that privacy is a right and not a feature, there's no reason for anyone to be snooping on your emails and phone conversations. You probably don't have anything to hide, but your privacy still needs to be respected. If you're in the least bit concerned, read on.

Messaging & Calls

WHATSAPP is encrypted end-to-end: this means that no one, not even WhatsApp, has access to what you send. What you probably didn't know is that WhatsApp servers don't store messages at all and even voice/video calls are encrypted with the same uncrackable technology. If WhatsApp is too populous for your taste, you can always use Signal by Open Whisper Systems. They're quite similar because you can use Signal for text, audio, video, sending files, group conversations, voice calls and video calls. In fact, WhatsApp uses the Signal protocol for end-to-end encryption.

APPLE users should know that iMessage and FaceTime are also end-to-end encrypted. Needless to say, this only works within the Apple ecosystem, so you have to be chatting or video calling with someone who has an Apple device.

WICKR normally makes enterprise class communication products but they also have Wickr Me, a free, private messenger for personal communications. It is end-to-end encrypted and has default ephemerality (all messages are fleeting, get deleted on being read). It also allows you to send photos, videos and files up to 10MB in size. For larger files and secure chat rooms, you can explore some of the paid plans.


Email

PROTONMAIL is top of mind for most when it comes to secure email - you can use the web client or even the mobile apps for free. All emails are secured and anonymous (no personal info is needed to create an account). Basic accounts (500MB storage, 150 emails per day) are free and you can upgrade to remove these restrictions.

MAILFENCE is not as popular as ProtonMail but it also offers a free secure email account with up to 200MB total storage, 250MB documents, two-factor authentication and digital signatures. There's no spam, no trackers, no ads and no access for govt surveillance.

TUTANOTA gives you 1GB of space for email with some restrictions (no aliases, no customisation). It automatically encrypts all data including email and contacts. You can access it on any device using a web browser or get the apps for Android and iOS.

Cloud Storage

BOXCRYPTOR can be used to encrypt your files with any of the cloud storage providers like Dropbox, Google or OneDrive. It's free for personal use; the catch is that you can only use it with one cloud provider and two devices. There are paid plans available if you need to remove these restrictions.

TRESORIT provides end-to-end encryption of your files. It includes 1,000GB of encrypted storage and you can access them from up to 10 devices; all platforms are supported. If you need to send a file to anyone, you can send an encrypted link and access can be revoked anytime. You can try it free for 14 days after which it is US$12.50 a month (or US$10.42 a month, if billed annually).

SPIDEROAK is a cloud storage provider that encrypts data but also protects it in case of accidental loss (backup and sync of data is available for Windows, Mac, iOS and Android). You can create temporary, self-destructing links if you need to share any data from your personal cloud. Plans start at US$5 a month for 100GB storage and there are options for 250GB (US$9/month), 1,000GB (US$12/month) and 5TB (US$25/month).

Go here to read the rest:
Privacy is your right! Here's everything about encrypted WhatsApp messages, Apple devices and emails - Economic Times

4D quantum encryption successful in first real-world test – New Atlas – New Atlas

Using quantum encryption to secure messages could make for much less hackable communication networks. The technique has been tested in the lab, but for it to really take off as a practical system it needs to work out in the real world, among other signals and natural air turbulence. Now, researchers from the University of Ottawa have successfully sent a message with high-dimensional quantum encryption between two building rooftops.

Quantum communication, at its most basic level, usually encodes information in a binary system: individual photons are sent between two points, with each representing one bit of information, either a one or a zero. But a technique called high-dimensional quantum encryption can theoretically squeeze twice the data into each photon, in turn allowing exponentially more information to be transmitted. Two bits of information per photon opens up four signal possibilities (00, 01, 10 and 11), giving it the title of 4D quantum encryption.

Not only can this technique fit more information into each particle, it's also more secure against deliberate attempts to intercept the message, as well as environmental factors like air turbulence and electronic interference. To keep out any prying eyes, this information can be encrypted with quantum key distribution, which uses the quantum states of light to encode a message and tell the receiving device how to decrypt it.

But outside of a lab, the real world is a noisy place, full of buildings, turbulent air and electronics. Before 4D quantum encryption can reach its potential, it needs to be tested in the kinds of environments it may eventually be used in. Since there's so much noise on the ground, sending a signal across a distance of 3 km (1.9 miles) horizontally is equivalent to the much greater distance of beaming a message through the relatively-clear air between the ground and a satellite in orbit.

The 3-km horizontal test is the next step, but for this proof of concept, the University of Ottawa researchers set about performing a 300 m (985 ft) test run between two rooftops in a city. They set up the lab equipment on the roof of each building, protected from the worst of the weather in wooden boxes.

The test was successful. Messages secured with 4D quantum encryption were beamed between the two stations, with an error rate of 11 percent, well below the threshold to make it a secure connection. Accounting for the error correction and turbulence, the system was able to transfer 1.6 times more data per photon than 2D encryption.

"Our work is the first to send messages in a secure manner using high-dimensional quantum encryption in realistic city conditions, including turbulence," says Ebrahim Karimi, lead researcher on the study. "The secure, free-space communication scheme we demonstrated could potentially link Earth with satellites, securely connect places where it is too expensive to install fiber, or be used for encrypted communication with a moving object, such as an airplane."

The researchers say the next step is to test the system across three points, placed 5.6 km (3.5 mi) apart, using adaptive optics to try to counteract the turbulence. Longer-term, the plan is to add more links and more encryption dimensions to the system.

The research was published in the journal Optica.

Source: The Optical Society

See the rest here:
4D quantum encryption successful in first real-world test - New Atlas - New Atlas

How to use EFS encryption to encrypt individual files and folders on Windows 10 – Windows Central


Encrypting File System (EFS) is an encryption service found in Windows 10 Pro, Enterprise, and Education. A cousin to BitLocker, which can encrypt entire drives at once, EFS lets you encrypt individual files and folders. Encryption is tied to the PC ...

View post:
How to use EFS encryption to encrypt individual files and folders on Windows 10 - Windows Central

Sophos, Trend Micro, Symantec Lauded for Cloud Encryption – Channel Partners

The global cloud encryption market is expected to quadruple from $645.4 million this year to $2.4 billion by 2022. That's a compound annual growth rate of 30 percent.

That's according to a new report by MarketsandMarkets, which IDs Sophos, Trend Micro and Symantec among the major vendors. Others include Thales e-Security, Gemalto, Skyhigh Networks, Netskope, CipherCloud, HyTrust, Vaultive and TWD Industries.

The demand for cloud encryption mostly is driven by stringent government regulations and the need to protect mission-critical data residing in the cloud, the report says. With the rising demand for cloud and virtualization across numerous verticals, the adoption rate of cloud encryption among enterprises is expected to gain major traction over the next five years.

The infrastructure-as-a-service (IaaS) model is expected to hold the largest market share. It's used to run applications on the public cloud and it allows organizations to reduce the total cost of ownership since it's being provided by third-party vendors in the form of cloud-based data centers. However, virtualization introduces new security challenges, so enterprises are adopting cloud encryption to run business-critical functions securely.

The telecom and IT vertical is expected to grow the fastest. That's due to heavy use of cloud-based applications for business operations, frequent targets for cybercriminals.

North America is expected to have the largest market share and to dominate the market from 2017 to 2022, due to the early adoption of new and emerging technologies and the presence of a large number of players in this region. Asia Pacific offers extensive growth opportunities due to the large number of SMEs that are extensively adopting cloud technology.

Here is the original post:
Sophos, Trend Micro, Symantec Lauded for Cloud Encryption - Channel Partners

Hedvig storage upgrade adds flash tier, encryption options – TechTarget

Hedvig today launched the third version of its software-defined storage product featuring support for flash tiering, built-in encryption technology, and new plugins for third-party backup and container technologies.


Hedvig storage software runs on commodity hardware. Hedvig doesn't sell the hardware, but supports moving data between fast flash-based solid-state drives (SSDs) and a tier of slower, less expensive hard disk drives (HDDs). Hedvig's new FlashFabric enables two storage tiers in all-SSD server clusters that can span on-premises and public cloud environments.

Hedvig Distributed Storage Platform 3.0 detects performance differences in SSDs, according to Rob Whiteley, Hedvig vice president of marketing. He said those SSDs can be traditional SAS or SATA, newer latency-lowering NVMe-based PCI Express, or emerging 3D XPoint technology from Intel and Micron.

"There are configurations where the customer will have some amount of higher performance, higher cost NVMe flash plus some amount of more traditional enterprise-grade flash," Whiteley said. "And what they actually want is the ability to automatically tier in and out of different flavors of flash."

Howard Marks, founder and chief scientist at storage test lab DeepStorage LLC, said Hedvig's 3.0 release is major from a technological standpoint, but the company is early with its support for "all-flash hybrids" with more than one type of SSD.

"The majority of the all-flash systems we see today have one pool of flash. But between NVMe and upcoming post-flash memories like 3D XPoint, we are going to have at least two tiers of solid state," Marks said. "That means folks like Hedvig, who have the logic for dealing with multiple tiers built into their system, have an advantage."

Whiteley said the Hedvig storage software tracks data reads and writes at a granular level to ensure the hottest data lands on the highest performing storage media. To enable the SSD tiering, Hedvig engineers created write-through read caches that could take advantage of different flash tiers, he said.

"Our system has always been very flash friendly from a write perspective," Whiteley said. "There were just some additional things we wanted to do from a read perspective."

New Hedvig storage security features include software-based encryption for data in use, in flight and at rest; advanced audit logging designed to enhance the product's monitoring and analytics engines; and improved multitenant role-based access control tying into Lightweight Directory Access Protocol (LDAP) and Microsoft Active Directory.

Hedvig's 256-bit Encrypt360 technology secures data through proxy software deployed on host compute servers to minimize the performance hit. The software supports the Advanced Encryption Standard New Instructions from Intel to accelerate host encryption.

Hedvig software deduplicates data before encryption. As with deduplication and replication, Hedvig enables customers to turn encryption on and off on a per-volume, or virtual disk (vDisk), basis, Whiteley said.

In the past, Hedvig advised customers to use self-encrypting drives or third-party products for in-flight encryption, Whiteley said.

"What we've found in the software-defined storage world is self-encrypting drives are often a generation or two behind in hardware technology, and they're a lot more expensive," Whiteley said. "Plus, how you then do the key management becomes a very difficult proposition for a lot of large enterprises."

Hedvig does not supply a key management system. The company tested and validated Amazon Web Services' Key Management Service option, and depending on the API, could plug into other third-party key management systems, according to Whiteley.

When setting up a cluster, the Hedvig storage proxy reaches out to the key management system for a unique encryption key for each vDisk. The vDisk keys are cached at the proxy and stored in Hedvig's metadata engine, according to Eric Carter, the company's senior director of product management.

The third feature set in Hedvig's new 3.0 storage software is CloudScale Plugins for Veritas, VMware and Red Hat products, to add to the company's existing support for Docker and OpenStack.

The new Veritas OpenStorage Technology plugin will enable NetBackup customers to connect to Hedvig for deduplicated backup storage. Whiteley said the Veritas NetBackup plugin is "probably the most requested customer feature besides encryption."

Hedvig already had a VMware vSphere Web Client plugin, but it is now certified, with new backup and security capabilities. In addition, Hedvig Storage Proxy containers are now Red Hat-certified and published in the Red Hat Container Catalog. The containers support Red Hat Enterprise Linux and Red Hat's OpenShift container application development platform.

Pricing remains unchanged for the Hedvig Distributed Storage Platform, which becomes generally available Friday. Hedvig partners with Cisco, Dell, Hewlett Packard Enterprise (HPE), Lenovo, Quanta and Super Micro on hardware.

Hedvig and HPE in June launched a validated bundled option combining Hedvig's software-defined storage with HPE Apollo 4200 servers. Whiteley said the bundled product, for which HPE provides first-line support, has already grown to about half the opportunities in the company's sales pipeline.

"Just having the HPE sales force boots on the ground is going to be a big driver for both their growth and their market acceptance," Marks said. "If an HPE sales guy sells Hedvig, it counts against their storage quota. Sales guys sell what you incent them to sell."


Read the original post:
Hedvig storage upgrade adds flash tier, encryption options - TechTarget