HP Adds Encryption And Key Management To Storage
Hewlett-Packard Co., Palo Alto, Calif., on Monday unveiled an addition to Fibre Channel storage switches to encrypt data over a SAN, an encryption device to manage LTO-4 tape drive encryption keys, a compliance option for encrypting LTO-4 tape libraries, and an assessment tool to help solution providers and their customers understand their security vulnerabilities.
The new products were unveiled at the RSA conference, held this week in San Francisco.
Carlos Martinez, senior product manager for HP's StorageWorks, said HP has already started shipping the MDS 9222i Storage Media Encryption fabric switch, based on the MDS 9000 Fibre Channel switch from Cisco Systems Inc., San Jose, Calif.
The new switch encrypts data as it is being written to a tape drive or library or a virtual tape library, and is aimed at customers who are not using LTO-4 tape drives, which include native encryption technology, Martinez said. While other Cisco OEMs will probably eventually offer the same capability, HP was the first, he said.
The switch with the Storage Media Encryption option lists for $83,500.
HP is also unveiling an LTO-4 encryption kit for small and midsize business users of its 1/8 G2 and MSL tape libraries who are concerned about the possibility of backup or archive tapes getting lost. The kit includes a pair of USB flash drives onto which the encryption keys of the libraries are securely stored, along with related software and utilities. One of the USB memory sticks stays with the library, while the other is kept off-site for redundancy.
Since the encryption keys are stored on two different USB memory sticks, changing the keys is not as convenient as other technologies, Martinez admitted. "This is not for customers who change keys regularly," he said. "But it's better security than most of them had before."
The kit is expected to ship in June with a list price of about $2,500.
For enterprise customers, HP is showing its new StorageWorks Secure Key Manager, which manages encryption keys and integrates with HP's Compliance Log Warehouse in order to do secure auditing of LTO-4 tape libraries. Both products are hardware appliances, with Secure Key Manager generating and storing encryption keys, and Compliance Log Warehouse collecting data from over 200 different devices for compliance audit purposes, Martinez said.
The Secure Key Manager has a list price of $100,000.
HP is also offering customers an on-line, no-charge tool for evaluating security risks, Martinez said. "Channel partners can use and leverage the tool to help customers expand their privacy," he said.
Also new from HP are new services and software to help securely share data, improve compliance, and protect against network attacks, said Gary Lefkowitz, director of marketing for HP's Secure Advantage portfolio.
HP is demonstrating a new service that scans applications to check for PCI (Payment Card Industry) vulnerabilities based on technologies it gained with the acquisition last year of Spi Dynamics, Lefkowitz said.
The company is also showing a new version of its NetTop software, a dashboard tool that allows public sector organizations to securely view Windows, Unix, and Linux environments via a single window in virtualized environments. It is a secure layered environment based on Security-Enhanced Linux, customized security policies, and server virtualization technology from VMware Inc., Palo Alto, Calif. New to version 2.1 is thin client support as well as an updated virtualization layer and kernel.
HP also integrated new security features into its HP-UX 11i operating systems, and as a result received common criteria certification at the EAL 4 assurance level against Controlled Access and Role-Based Access Control Protection Profiles, Lefkowitz said.