IBM DS3500 - The Need for Encryption; Encryption Method Used

790 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

7914FDE.fm Draft Document for Review March 28, 2011 12:24 pm

450 IBM System Storage DS3500: Introduction and Implementation Guide

15.1 The need for encryption

Data security breaches are becoming increasingly common, and the threat of unauthorized

access to sensitive data and intellectual property is growing. Data security is now a common

component of the corporate landscape, mostly driven by regulatory compliance, and security

efforts can often be fragmented.

At some point, all drives are out of an organization’s control and vulnerable to a breach. For

example, with “re-purposing”, decommissioning, or disposal of individual disks, common

methods of security are often insufficient when:

򐂰 Deleted files can be reinstated.

򐂰 Drive disposal methods are subject to human error.

򐂰 Password protected data can still be accessed by a skilled individual.

򐂰 Disk reformatting erases data on disks but information can still be recovered.

1

In each case, a risk is introduced where legible data might be recovered from disk. This can

be made significantly more difficult if Disk Security on a DS3500 storage subsystem is

employed.

15.1.1 Encryption method used

The FDE drives have encryption hardware, and can perform symmetric encryption and

decrypting of data at full disk speed with no impact on performance. The disk encryption

hardware is used in conjunction with IBM Disk Encryption Storage Manager on the DS3500

storage subsystem. It uses asymmetric encryption to encrypt and decrypt the data key. IBM

Disk Encryption Storage Manager will generate encryption and decryption keys that are used

to lock each FDE drive.

Without these IBM Disk Encryption Storage Manager managed keys, the user (authorized or

unauthorized) can no longer decrypt the data on disk.

1

Some utilities used to “erase” data from disks and arrays are not fully successful when such data can still be

recovered using forensic techniques

Important: FDE and drive-level encryption technology is a new and additional level of data

protection, but it does not replace the access controls and security processes that exist;

rather, it complements them.

Important: Should these keys and all copies be lost, then the encrypted data on disk

cannot be decrypted and is therefore considered lost.

Table of Contents

Other manuals for IBM DS3500

Installation, User's, And Maintenance Guide222 pages

Installation, User & Maintenance Guide180 pages

Related product manuals

Preview: IBM System Storage DS3500

IBM System Storage DS3500

Preview: System Storage DS3524 Express

System Storage DS3524 Express

Preview: IBM DS3000

Preview: IBM System Storage DS3300

IBM System Storage DS3300

Preview: IBM System Storage DS3000

IBM System Storage DS3000

Preview: IBM DS8800

Preview: IBM DS8000

Preview: IBM DS8880 Series

IBM DS8880 Series

IBM DS4700 EXPRESS

Preview: IBM TotalStorage DS8000

IBM TotalStorage DS8000

Preview: IBM System Storage DS5020

IBM System Storage DS5020

Preview: Midrange System DS4000 Series

Midrange System DS4000 Series