TORONTO The recent Sony hack grabbed headlines in large part due to the political fallout, but its not the first corporate enterprise to suffer a high profile security breach and probably wont be the last. <\/p>\n
Regardless, its yet another sign that additional layers of security may be needed as hackers find ways to break through network firewalls and pull out sensitive data, whether its Hollywood secrets from a movie studio, or customer data from retailers such as Home Depot or Target. And sometimes its not only outside threats that must be dealt with; those threats can come from within the firewall. <\/p>\n
While password-protected user profiles on the client OS have been standard for years, self-encrypting SSDs are starting to become more appealing as they allow for encryption at the hardware level, regardless of OS, and can be deployed in a variety of scenarios, including enterprise workstations or in a retail environment. <\/p>\n
In general, SSDs are becoming more common. SanDisk, for example, is bullish about adoption by average notebook users, while like many other vendors, optimizing its enterprise SSDs for different workloads. Samsung, meanwhile, has added new security features to its self-encrypting drive (SED), the 840 EVO SSD, making it compatible with professional security software employed by enterprise organizations, as it expects encrypted SSDs to become standard. Beyond SEDs themselves, there are the vendors such as Wave Systems and WinMagic that offer software to manage the encryption of SSDs on a wide scale. <\/p>\n
A survey by the Storage Networking Industry Association presented at last years Storage Visions Conference found users lacked interest in built-in encryption features for SSDs, particularly in the mobile space. One of the chief concerns they had when adding features such as encryption to MCUs and SSDs is their effect on performance. Even though many SSDs being shipped today have data protection and encryption features built in, often those capabilities are not being switched on by OEMs, due to the misconception that encryption can reduce performance. <\/p>\n
Ritu Jyoti, chief product officer at Kaminario, said customers are actually requesting encryption as a feature for its all-flash array, but also voice concerns about its effect on performance. They do ask the question. Customers in the financial services sector in particular are looking for encryption on their enterprise SSDs, she said, driven by compliance demands, as well as standards outlined by the National Institute of Standards and Technology. <\/p>\n
Kaminario recently announced it had added always-on, data-at-rest encryption capabilities to its K2 all-flash array, but Jyoti said interest in encryption features has been expressed by the companys customer base for several years. She said the K2 encryption uses 256-bit AES keys technology and requires administrative authorization for access, ensuring no data is available on drives after deletion through a cryptographic SSD erase feature. <\/p>\n
To address performance concerns, Kaminario leverages Samsung SEDs as well as its own architecture, which support non-disruptive software and hardware upgrades so encryption can be added without downtime or loss of data. <\/p>\n
Jyoti said SEDs and encryption of all-flash arrays have become a growing trend in the enterprise. They are going to become the defacto standard very quickly. <\/p>\n
George Crump, president and founder of research firm Storage Switzerland, recently blogged about Kaminarios new all-flash array and addressed its new features, including encryption, which he wrote is critical for flash systems in particular because of the way controllers manage flash. When NAND flash cell wears out the flash controller, as it should, it marks that cell as read-only. The problem is that erasing a flash cell requires that null data be written to it, he wrote. But how do you do that if the flash controller had previously marked the cell as read-only? If you cant erase the data, but you can read it, then some enterprising data thief may be able to get to your data. <\/p>\n
<\/p>\n