Data Protection solutions on and off premise

March 23rd, 2018

You have firewalls. You’re feeling confident that the data stored on your premise is safe, and the real worry is when data leaves the building. Right? Wrong! The paradigm that onsite data is safe has quickly changed. At a minimum, I hope you are encrypting your data if it leaves your site, but what about data that is internal and never leaves your environment? Is that data secure?

IBM has created very impressive encryption products for your enterprise. Not just limited to media that leaves your environment, but protecting and encrypting data while it resides within the storage subsystem. IBM’s solution is based on an embedded data encryption engine that uses self-encrypting disks and tape drives. This architecture provides an in-line encryption process. As data enters the drive to be stored, it is automatically encrypted. When data is retrieved, it is automatically decrypted as it moves back through the drive. This process is the same for both disk drives and tape drives. By using the embedded data encryption engine, there is no performance degradation when compared to the non-encrypting drives.

The next question is, what happens if I have a wide variety of hardware in my environment from many different vendors? Does IBM have a solution for a heterogeneous environment as well? The answer is, yes, they do.

Enter IBM Spectrum Virtualize software. This is a software defined storage (SDS) offering that provides Software-level encryption, based upon the field-proven SAN volume controller. In addition to running in the SVC, the same Spectrum Virtualize software also runs in the IBM Storwize V5000, Storwize V7000, IBM Flashsystem V9000 and IBM VersaStack. These encryption capabilities work in a variety of configurations in a mixed IT, cloud or virtualized environment, independent of whatever storage hardware or other encryption protocols are in use.

The IBM Spectrum Virtualize Encryption has the following features.

  • Uses the AES 256-Bit Encryption standard.
  • Encryption is enabled at the storage-pool level.The software can determine if any storage arrays in the pool are using hardware-based encryption. If they are, it will not encrypt the data in those arrays.
  • No restrictions with using encryption along with other storage functions such as Compression or Tiering.
  • Data is automatically decrypted when it is read. Applications will always receive their data in a readable / usable format.

The value of data that requires encryption should be considered carefully. Likewise, encryption methods should also be considered carefully, in order to make sure that they meet the business needs of your environment. Mainline has extensive experience in implementing all of these solutions. Our implementation programs work with you to determine which data to protect, and which options are right for your environment.

Please contact your Mainline Account Executive directly, or click here to contact us with any questions.

Mainline