NetApp - Jay's Blog

Back in June, I had the fortune of attending Game 4 of the NBA finals between the Lakers and the Celtics courtesy of a good NetApp partner, Insight Investments. I also had the misfortune that night of having my briefcase stolen from the rental car in the parking lot.   

That night gave me a personal glimpse into the importance and complexity of key management.

If your laptop is like mine, you have all kinds of website passwords stored on it for the convenience of not having to remember them when you travel.  As I flew home, my level of panic grew as I calculated the financial havoc the thief could inflict if they broke through the top-line login. I got home at midnight and spent the next few hours changing logins and passwords on dozens of financial, storefront, and other sites. in doing this, I realized I had used the same two or three passwords for everything because it was easy for me.  Which made it easy for the thief. This prompted me to develop a more secure method of creating, using, and remembering personal passwords for the diversity of digital domains in which I dwell. My "system" is separate from my laptop or desktop so I can use it with either device, and avoid the problem of someone stealing it along with my data. I put my "system" in more than one place to protect against physical loss.  I also thought about what a pain it was and how it would not scale if I added more than the few dozen sites I use now.

I'll get back to this in a minute.

NetApp and Brocade announced a data security partnership today. Brocade has new blindingly fast Fibre Channel switches and director blades that integrate almost 100 GB/s of encrypting bandwidth. We worked with Brocade to ensure that the encryption/decryption capability of this switch is compatible with the NetApp DataFort, and NetApp will resell the Brocade products as our next generation FC DataFort. We always expected that encryption would become a feature of storage devices, tape drives, and fabric switches and this was our strategic intent when we acquired Decru 3 years ago.

This kind of interchangeability of encryption devices depends on centralized, strong key management. NetApp’s Lifetime Key Manager was designed to support multiple encrypting devices. It supports DataForts, Oracle Advanced Security Option, (come see this at Oracle Open World in San Francisco this week) and now Brocade.  It also enables millions of keys to be shared between multiple locations.  Keys can be automatically restored to a device that has been replaced, and are protected in a FIPS-140-2 Level 3 standard strongly secured system.   

Encrypting data solves a broad class of risks of unauthorized access.  Encryption requires keys. Unless a company decides to use the same key for all data they encrypt, (which has about as much security as Sarah Palin's email) they need to manage those keys.  And change them.  And be able to move them to DR sites.  And be able to recover them.  It is not a trivial task.      

Unlike my little system for keeping track of passwords, it is certainly not something that you can do manually.  The NetApp Lifetime Key Management (LKM) system will do all of this for you across a range of encryption devices.

There are several thousand DataFort systems installed now at companies like Iron Mountain, Qualcomm, CNL Financial, and Regulus Group.   There are hundreds of thousands of disk volumes and tapes encrypted with DataForts using keys stored in LKMs. The combination of Brocade's new fabric-based encryption with NetApp Lifetime Key Management will advance the state of the industry in making data in enterprise datacenters more secure.