EMC Blends RSA Security Into Storage

RSA

The move, announced at this week's RSA Conference in San Francisco, is the first in EMC's long-term plan to implement what it calls information-centric security, rather than perimeter-centric security. The Hopkinton, Mass.-based storage giant acquired RSA Security last fall in a $2.1 billion deal.

Bob Wambach, senior director of Symmetrix product marketing at EMC, said that despite the IT industry spending an estimated $40 billion on security last year, hacks and breaches of corporate networks show that corporate data remains vulnerable to attack.

"Most security solutions don't protect information," Wambach said. "They protect the perimeter. Internal threats are very real. People are doing things from inside the company with their access to data, or from outside the company using social engineering."

Because of the importance of protecting data, EMC aims to integrate RSA technology into its flagship Symmetrix enterprise-class array, according to Wambach. "When EMC acquired RSA in September, there was a lot of speculation about whether EMC wanted it just because it's EMC," he said. "Well, six months later, here we are."

EMC is introducing three new features to Symmetrix to bolster security: Symmetrix Service Credential, Secured by RSA; tamper-proof audit logs; and Certified Data Erasure for Symmetrix.

The Symmetrix Service Credential, Secured by RSA feature uses passwords and encryption to authenticate authorized Symmetrix users based on their role in an organization. "It gives access to a tiny part of the information inside, based on who you are," Wambach said. "If you are an administrator, you can set up user accounts and say who has access to what. Or you might be a storage administrator managing 2 Tbytes of the 10 Tbytes of data, and you don't know what else is stored."

Tamper-proof audit logs keep a record of who accesses which data, allowing companies to identify attempts at unauthorized access to data. "If someone attempts to do something they aren't supposed to do, they would be stopped and then logged," Wambach said. "This highlights exactly what's happening. It's very important for compliance."

Certified Data Erasure for Symmetrix is a tool for electronic "shredding" of data. This works by erasing data on a hard drive that has failed or is scheduled to be replaced by attempting to write over the data multiple times using Department of Defense 5220.22-M technology. The tool then reports on whether the "shredding" was successful.

"If a drive fails, customers are concerned about whether it still contains sensitive data," Wambach said. "Today, major vendors, including EMC, have a service to erase a stack of drives or to do a complete array erasure. Now with the Symmetrix, once a drive is rebuilt after a failure, it will erase the data on the original drive."

Wambach didn't discuss future applications of RSA technology on EMC storage products, including its Clariion line. However, he added that more applications can be expected.

"This is the beginning of the road," he said. "There will be more to come in other EMC product lines. Today, we're only talking about the Symmetrix. With the Symmetrix, we worked with RSA a long time to integrate the technology."

Besides the RSA security features, the Symmetrix array family received a couple of other enhancements to optimize it for tiered storage. They include dynamic cache partitioning, in which the array's cache memory can be allocated to up to eight separate caches on the fly per predetermined high and low thresholds as needed for specific applications.

For example, Wambach said, one application might need a guaranteed minimum of 30 percent of the cache when the array isn't busy and up to 75 percent of the cache when the array is busy. "As the machine gets busy, the system can grab more cache until it reaches the high threshold," he said. "It can do this so financial applications, for instance, get high priority. Or for backup to disk, the application gets a nominal low amount of cache but hits a higher part when doing the backup."

Also new to Symmetrix is the addition of native 4 Gbps Fibre Channel and FICON connectivity based on a technology from Emulex, RAID 6 capability to protect against double hard-drive failures and self-healing capabilities to the company's SRDF replication software that allow data to be replicated to a local disk in case of a temporary outage to a network connection.