• Ask a Question

    Ask us a question

  • Newsletter

Encryption Manager for Storage

CryptoStorSecurity-hardened, standards-based key management appliance

 Benefits

• Automate encryption key management
• Reduce the risk of security breaches
• Achieve compliance and audit goals
• Meet continuity and retention requirements
• Reduce costs of managing encryption
• Simplify deployment and management

 

Move your storage encryption strategy forward with standards-based key management.

Storage managers face growing demands to protect sensitive data. In response, storage managers must decide how best to deploy and manage encryption...that easily integrates with existing storage infrastructure with the ability to grow in the future.

Networked storage elements such as disk arrays, tape drives and switches, now include encryption. When deploying systems with embedded encryption, storage managers must make sure encryption does not impact business continuity or data accessibility due to inefficient administrative procedures or unreliable key management. A systematic approach is now needed for protecting keys that can automate lifecycle management, while providing a dependable solution that spans across today’s diverse storage infrastructure.

Thales Encryption Manager for Storage is a standards-based, FIPS-designed, hardened appliance that enables organizations to confidently deploy key management across multiple types of encrypting endpoints. The appliance supports both standards-based protocols (IEEE P1619.3 draft), as well as legacy interoperability with leading vendor storage devices, to centralize encryption management with consistency.  Native support for storage vendors, such as tape and disk devices from IBM, Brocade switches, and other leading vendors, provides a comprehensive system that grows with your enterprise storage needs.
 

 

Features

Security-hardened, high-performance appliance
Provides tamper-resistant and designed to FIPS 140-2 level 3 specifications; optimized for large enterprise storage environments.

IEEE P1619.3 draft key management protocol
Achieve broad interoperability across mixed storage infrastructure with extensibility for future standards-based, self-encrypting devices.
 
Key backup and recovery
Ensure long-term, reliable access to data with secure backup of encryption keys to offsite and recovery data centers.

Certified device integration
Tested and validated support from Thales and technology partners for a full range of storage encryption solutions.

Separation of duties
Separation of administrative roles ensures that no single user has over-privileged entitlements to compromise encryption key integrity.

Logging and reporting
Administrative and system functions are logged for quick response to formal audits and ad hoc inquiries, with the ability to integrate with SNMP for warnings to system availability or attempts to compromise the appliance.

Secure audit facility
Tamper-resistant logging provides traceability of all actions and includes role-based access to auditing.

Scalability to support Large Deployments
Manage keys for all of your storage systems under a unified key management strategy.

 

Specifications

Key management protocols
• IEEE P1619.3 draft 6 compliant switch, tape, and disk encrypting devices
• IBM disk and tape (TKLM 1.0 compatible devices)
• Key states supported: P1619.3 and NIST

Management framework
• Internet Explorer and Firefox compatible web-based GUI and command line interface
• Multiple administrator roles for separation of duties (Smart Card authentication option)
• M of N system key sharing for backup and recovery to Smart Cards
• Key groups and domains with an ability to set trust relationships
• Per-tape, per-LUN encryption key granularity
• Up to 25 million keys, 256 endpoint devices, supported

Physical appliance attributes
• 2U appliance, 30 lbs (13.6 kg), 19" rack mountable (17" x 30" x 3.5"; 432mm x 762mm x 89mm)
• Hot-swappable, redundant fans and universal power supplies
• 100/240 VAC, 50/60 Hz, 460

 

Related Resources

White Papers

Related Data Sheets

Webinars


  • Integrating Encryption: Pain vs. Gain
    Fitting encryption technology into existing application portfolios can be difficult if it’s not properly planned. This Thales webinar examines the essential factors to consider.