Dell Compellent and SafeNet
KeySecure
SafeNet: What We Do
Trusted to protect the world’s most sensitive data for the
world’s most trusted brands.
We protect the most
money that moves in the
world, $1 trillion daily.
We protect the most digital
identities in the world.
FOUNDED
OWNERSHIP
1983
Private
REVENUE
GLOBAL FOOTPRINT
340m
25,000+
Customers in
100 countries
We protect the most
classified information in
the world.
2
EMPLOYEES
ACCREDITED
1,500+
Products certified
to the highest
security standard
In 25 countries
Why Data at Rest Encryption?
Secures data wherever it resides
•
Data remains secured both in and out of the data center
•
Secures data in event of drive, array or Storage Center system theft
•
Protect intellectual property and digital assets from unauthorized access
Full data control
•
Only authorized users with appropriate keys have access.
•
Key loss or deletion renders data permanently unreadable.
•
Keys never appear in the clear on outside networks
•
Log and audit user access to IP
Compliance
3
•
PCI-DSS, HIPAA, Basel II, 46+ State Laws, European Union requirements
•
Regulatory violations bring financial and legal penalties
•
Proactive security and reputation preservation have compelling ROI
Dell Compellent
Self-encrypting Drives (SED)
• Secures data against
–
–
–
lost, transported or stolen drives
theft of entire array
theft an entire Storage Center system
• 100% unrecoverable keys
–
Key loss means data loss. No back door to access data on stolen drives
• Removed or stolen drives are automatically locked
–
–
Even if platters are placed on a spin stand, data is secure
Keys are secure and never passed in the clear on outside networks
• Robust encryption and security
–
–
Secured using 256-bit AES encryption
Option to operate in non-SED mode without system impact
–
FIPS 140-2 Level 2 security
• Instant cryptographic erase
4
–
–
Delete keys to decommissioned drives to render data unreadable
Cryptographically erase data on individual drive basis
SafeNet KeySecure
Enterprise Key Management
Each SED drive contains its own encryption key. How
do you effectively manage an entire datacenter?
• Centralized key management
–
–
–
Store, manage, generate, distribute, rotate, back up, activate,
deactivate, and destroy keys
Up to 1 million keys per cluster
High assurance level
–
Geographically dispersed operations
• Standard-based approach: OASIS KMIP
–
–
–
Manage keys for: Dell Full Disk Encryption
Other supported 3rd party KMIP-based solutions
Supports key management for cloud solutions
• Hardware encryption key storage
–
Maintain encryption keys in SafeNet Luna SA (HSM) and PCI Card
• World Class Support Services
5
–
7x24x365 Support offerings available
k150
k460
25,000 max keys
1,000,000 max keys
100 max concurrent
clients
1,000 max concurrent
clients
FIPS 140-2 Level 1
FIPS 140-2 Level 3
KeySecure manages keys for many vendors
6
Key Benefits
• Centralize Encryption Key Management
–
Unify key management (e.g. key generation, escrow, recovery) for all Compellent selfencrypting drives and other KMIP compatible solutions in SafeNet’s partner ecosystem behind
an intuitive graphical user interface.
• Multi-Tenant Data Isolation
–
Share storage resources while securing data by business policy to segregate data for multiple
departments, business units, or customers.
• High Availability Configurations
–
Cluster appliances to maintain encrypted data availability in geographically dispersed data
centers.
• Separation of duties
–
Segment key ownership and management based on individuals or by group owners to protect
sensitive material against unauthorized access from staff.
• Auditing and Logging
–
7
Detailed logs can be used by SIEM reporting tools such as IBM QRadar, Splunk and others for
improved day-to-day operations management and easier compliance reporting.
KeySecure Summary
Security
Performance
Flexibility
Manageability
Availability
8
• Hardware-based, centralized key and policy management
• FIPS/CC certified solution
• Authentication and authorization
• Low and high performance models (k460, k250, k150, k150v)
• Models matched to performance requirements
• Efficient backup/restore capabilities, local encryption option
• Support for heterogeneous environments (app, db, file)
• Support for open standards and APIs and stress KMIP
• Range of enterprise deployment models
• Intuitive, easy-to-use administration
• Separation of duties
• Centralized policy management
• Enterprise clustering and replication
• Load balancing, health checking, and failover
• Geographically distributed redundancy
Questions?
Blair Semple
Director Business Development
blair.semple@safenet-inc.com
Alex Hanway
Partner Marketing Manager
alex.hanway@safenet-inc.com
For more information visit:
http://www.safenet-inc.com/partners/dell
9