Storage Security: The Next Frontier. Jim Anderson Vice President, Marketing Networking and Storage Products Group May 2008. Agenda. Market Trends Impacting Storage Security Need for Security of Data-at-Rest New Data-at-Rest Security System Seagate Self-Encrypting Drives.
Storage Security: The Next Frontier
Jim Anderson
Vice President, Marketing
Networking and Storage Products Group
May 2008

Agenda
• Market Trends Impacting Storage Security
• Need for Security of Data-at-Rest
• New Data-at-Rest Security System
• Seagate Self-Encrypting Drives
LSI Proprietary

Trend #1: New Usage Models Driving the Information Explosion
• Web commerce, social networking, telecommuting, telepresence, tele-education
• IP traffic expected to double every 2 years through 2011*
• Information created per year to increase by 6x by 2011**
• Growth in unstructured rich data (video, audio, images) exceeds structured data growth***
• More connections, faster speeds, and richer data require expanded security
[Chart: Digital Information Created, Captured, Replicated Worldwide*. Y-axis: Exabytes; x-axis: 2005 to 2011; series: Information Created, Available Storage]
Storage Security must be Scalable
* Source: Cisco
** Source: IDC, “The Diverse and Exploding Digital Universe”, IDC Doc #204807, March 2008
*** Source: IDC, Storage Infrastructure: Innovations for the Future Datacenter, IDC Doc #DR2008_1RV, 2008

Trend #2: Evolving Security Threats
• Motivation shift from proof-of-concept to profit-motivated
• Must protect against multiple blended attacks
• Complexity of threats increasing
• Insider security threat on the rise*
[Figure: complexity of threats and countermeasures; labels include Physical, Connection-Based, Content-Based, Content Processing and Blended Attack]
Storage Security must Protect All Data at All Times
* Source: IDC, “Enterprise Security Survey: The Rise of the Insider Threat,” IDC Doc #204807, Dec 2006

LSI Approach to Storage and Networking Security
Silicon-to-Systems-to-Software Approach
System & SW
• Working with industry partners to develop complete storage security systems
Component
• Standard products with integrated security functions
• Content inspection processors
Silicon
• Broad portfolio of security IP blocks (IPSec, MACSec, etc.)
Today’s Focus: Data-at-Rest Security System

Today’s Storage Environment
Storage Security must be based on Industry Standards and provide Interoperability between Devices
[Diagram: workstation PCs, servers and blade servers connected through an Ethernet switch, PCI RAID, HBA and FC switch to JBODs, a shared DAS storage system and a SAN storage system]

Why Encrypt Data-At-Rest?
• Data spends most of its life at rest
• Disk drives are mobile
• Loss of customer data requires disclosure – average cost of disclosure estimated at $14M USD per incident*
• Majority of US states and EU have safe harbors for encryption
* Source: Ponemon Institute, “Lost Customer Information: What Does a Data Breach Cost Companies?”, November 2005

Data-at-Rest Security System Elements
Key Management System
• Stores and serves authentication keys
Storage System
• Authenticates with key source
• Passes key to drive
• Makes encryption function transparent to applications
Self-encrypting drives (SED)
• Data is always encrypted
• AES hardware encryption built in
• No performance impact
[Diagram: Key Management System connected to a Disk Storage Array of SEDs; paths labelled Communication Path, Authentication and Data; standards labelled IEEE P1619.3 and T10/T13 (TCG)]
Full Enterprise Data-at-Rest Solution from IBM, Seagate and LSI

Storage System’s Role in a Data-At-Rest Solution
[Diagram: Enterprise Storage Key Management Server Environment. Components: Management Station, Application Servers, FC SAN, Storage System, Key Server, Self-encrypting drive (SED). Legend: Key Flow, Data Flow, Management Flow. Standard: IEEE P1619.3]
• Administrator requests creation of new key
• Storage System requests new key from Key Server
• Key Server generates new key and sends to Storage System
• Storage System passes key to SED
• SED unlocks and appears as “regular” drive to application servers, OS, etc.
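
The key flow on this slide, modelled as an added Python example (not LSI, Seagate or IBM code). The class and method names are hypothetical, and the drive behaviour (keeping only a salted hash of the authentication key, relocking on power loss) is an assumption; the AES media encryption is not modelled.

```python
import hashlib
import hmac
import secrets

class KeyServer:
    """Key management system: generates, stores and serves authentication keys."""
    def __init__(self):
        self._keys = {}
    def create_key(self, key_id):
        self._keys[key_id] = secrets.token_bytes(32)  # new random 256-bit key
        return self._keys[key_id]
    def get_key(self, key_id):
        return self._keys[key_id]

class SelfEncryptingDrive:
    """Assumed model: stores only a salted hash of the authentication key and
    relocks on power loss. The AES media encryption is not modelled."""
    def __init__(self):
        self._salt = self._verifier = None
        self._unlocked = True          # factory state: no key enrolled
        self._blocks = {}
    def _digest(self, key):
        return hashlib.pbkdf2_hmac("sha256", key, self._salt, 10_000)
    def enroll(self, key):
        self._salt = secrets.token_bytes(16)
        self._verifier = self._digest(key)
    def power_cycle(self):
        self._unlocked = self._verifier is None   # enrolled drives come up locked
    def unlock(self, key):
        if self._verifier is not None and hmac.compare_digest(
                self._digest(key), self._verifier):
            self._unlocked = True
        return self._unlocked
    def write(self, lba, data):
        self._check()
        self._blocks[lba] = data
    def read(self, lba):
        self._check()
        return self._blocks[lba]
    def _check(self):
        if not self._unlocked:
            raise PermissionError("drive is locked")

class StorageSystem:
    """Sits between key server and drives; applications never see a key."""
    def __init__(self, key_server):
        self.key_server, self.drives = key_server, {}
    def provision(self, key_id, drive):      # administrator asks for a new key
        drive.enroll(self.key_server.create_key(key_id))
        self.drives[key_id] = drive
    def power_on(self, key_id):              # fetch key, pass it to the SED
        return self.drives[key_id].unlock(self.key_server.get_key(key_id))
```

A drive pulled from the array has gone through `power_cycle()` and cannot reach the key server, so `read()` fails until the storage system presents the key again.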

Benefits of the Storage Security System
• Inherently Scalable
• Scales with increasing richer, unstructured data
• Everything is encrypted
• No performance penalty
• Transparent to end user
• Standards-based / Unified key management
• Works with all types of storage devices
• Multiple sources, interoperable

Self-Encrypting Drives…
[Figure: sample text “We The People of the United States of America”]