• Compliance validation—Proof of compliance is required by government and industry regulations.
You must establish control points that ensure repeatable processes, assignment of responsibilities,
and role separation. You must be able to prove that policies are being enforced for internal and
external audits.
Assessing security risks
This section describes best practices for assessing and addressing security risks.
Managing organizational risks
Managing organizational risks involves the following actions:
• Protecting IT resources
• Protecting data in all states (at-rest, in-transit, or in-use)
• Providing validation to internal and external auditors
The HP Secure Advantage solution addresses these security issues using a suite of integrated products.
Integration of encryption and key management technologies with identity management in a hardened
infrastructure ensures that the correct data is delivered to the intended users. Secure Advantage
provides the best layered end-to-end security approach with identity management at the network,
system, service, and application layers. It ensures a robust and proactive security framework.
Data security implementations
Data security implementations are categorized as follows:
• Storage network—Consists of switches, appliances, and cables. Switches and appliances come
with support to protect themselves. The storage network components support key management,
encryption services, and authentication of server and storage arrays.
• Servers—Consists of hardware, operating systems, interface cards (NICs and HBAs), and applic-
ations (also known as hosts). Each component comes with support for protecting itself. The interfaces
cards support authentication and secure tunnel.
• Storage arrays—Consists of groups of disks or tapes that use a management application, which
protects the resources through authentication. Storage arrays will support native encryption in the
future.
HP storage security solutions
This section describes HP storage security solutions for the following products:
• C-series Storage Media Encryption, page 407
• C-series SAN-OS security, page 408
• C-series IP SAN security, page 409
• B-series Encryption Switch and Encryption FC Blade security, page 410
• B-series Fabric OS security, page 411
• Key management, page 415
C-series Storage Media Encryption
SME is a standards-based encryption solution for heterogeneous and virtual tape libraries. SME is
managed with the Cisco Fabric Manager web client and a command-line interface, which supports
unified SAN management and security provisioning. SME is a comprehensive network-integrated
SAN Design Reference Guide 407
To Next Page
Loading...
