storage security: the next frontier
DESCRIPTION
Storage Security: The Next Frontier. Jim Anderson Vice President, Marketing Networking and Storage Products Group May 2008. Agenda. Market Trends Impacting Storage Security Need for Security of Data-at-Rest New Data-at-Rest Security System Seagate Self-Encrypting Drives.
TRANSCRIPT
Storage Security: The Next Frontier
Jim Anderson
Vice President, Marketing
Networking and Storage Products Group
May 2008
LSI Proprietary 2
Agenda
• Market Trends Impacting Storage Security
• Need for Security of Data-at-Rest
• New Data-at-Rest Security System
• Seagate Self-Encrypting Drives
Trend #1: New Usage Models Driving the Information Explosion
• Web commerce, social networking, telecommuting, telepresence, tele-education
• IP traffic expected to double every 2 years through 2011*
• Information created per year to increase by 6x by 2011**
• Growth in unstructured rich data (video, audio, images) exceeds structured data growth***
• More connections, faster speeds, and richer data require expanded security
[Chart: Digital Information Created, Captured, Replicated Worldwide*; series: Available Storage, Information Created; x-axis: 2005-2011; y-axis: Exabytes]
* Source: Cisco
** Source: IDC, “The Diverse and Exploding Digital Universe”, IDC Doc #204807, March 2008
*** Source: IDC, Storage Infrastructure: Innovations for the Future Datacenter, IDC Doc #DR2008_1RV, 2008
[Chart: Worldwide Enterprise Disk Storage Consumption: 2007-2011; series: Structured and Replicated Data, Unstructured Data; y-axis: Exabytes]
Storage Security must be Scalable
Trend #2: Evolving Security Threats
[Diagram: threats and defenses arranged along an axis labelled Complexity. Labels: Physical, Connection Based, Content Based, Content Processing, Padlock, Moat, Firedoor, Firewall, Stateful Firewall, VPN, Anti-Virus, Web-Filtering, IDS/IPS, Anti-Spam, Anti-Spyware, Anti-X, Theft, Siege, Intrusions, Defacement, File Deletion, Viruses, Worms, Trojans, Indecent Content, Text Spam, Spyware, Image Spam, Keyboard Loggers, Identity Theft, Corporate Espionage, Blended Attack]
• Motivation shift from proof-of-concept to profit-motivated
• Must protect against multiple blended attacks
• Complexity of threats increasing
• Insider security threat on the rise*
[Chart: Greatest Perceived Threat; series: External, Internal; x-axis: Company Size (Small (1-99), Medium (100-999), Large (10000+)); y-axis: Perceived Threat]
* source: IDC, “Enterprise Security Survey: The Rise of the Insider Threat,” IDC Doc #204807 Dec 2006
Storage Security must Protect All Data at All Times
LSI Approach to Storage and Networking Security
Silicon-to-Systems-to-Software Approach
• Component
– Standard products with integrated security functions
– Content inspection processors
• Silicon
– Broad portfolio of security IP blocks (IPSec, MACSec, etc.)
• System & SW
– Working with industry partners to develop complete storage security systems
Today’s Focus: Data-at-Rest Security System
Today’s Storage Environment
[Diagram labels: Shared DAS Storage System, Blade Servers, Server, HBA, FC Switch, JBOD, PCI RAID, Ethernet Switch, SAN Storage System, Workstation, PCs]
Storage Security must be based on Industry Standards and provide Interoperability between Devices
Why Encrypt Data-At-Rest?
• Data spends most of its life at rest
• Disk drives are mobile
• Loss of customer data requires disclosure – average cost of disclosure estimated at $14M USD per incident*
• Majority of US states and EU have safe harbors for encryption
* source: Ponemon Institute, “Lost Customer Information: What Does a Data Breach Cost Companies?”, November 2005
Data-at-Rest Security System Elements
• Key Management System
– Stores and serves authentication keys
• Storage System
– Authenticates with key source
– Passes key to drive
– Makes encryption function transparent to applications
• Self-encrypting drives (SED)
– Data is always encrypted
– AES hardware encryption built in
– No performance impact
[Diagram labels: Key Management System, IEEE P1619.3, Disk Storage Array, T10/T13 (TCG), SED (five drives), Data, Authentication, Communication Path]
Full Enterprise Data-at-Rest Solution from IBM, Seagate and LSI
Storage System’s Role in a Data-At-Rest Solution
[Diagram: Enterprise Storage Key Management Server Environment. Labels: Management Station, Application Servers, FC SAN, Storage System, Self-encrypting drive (SED), Key Server (IEEE P1619.3). Legend: Data Flow, Key Flow, Management Flow]
Administrator requests creation of new key
Storage System requests new key from Key Server
Key Server generates new key and sends to Storage System
Storage System passes key to SED
SED unlocks and appears as “regular” drive to application servers, OS, etc.
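The key flow above, modelled as an added example (not code from LSI, Seagate or IBM), showing that an enrolled drive holds only ciphertext and stays locked after a power cycle until the storage system fetches the key again. HMAC-SHA256 stands in for the drive's AES hardware; the class names, the 32-byte sector and the wrapping of the media key under the authentication key are assumptions of this example.

```python
import hashlib, hmac, secrets

def prf(key, label):            # HMAC-SHA256 stands in for the drive's AES hardware
    return hmac.new(key, label, hashlib.sha256).digest()
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class KeyServer:                # Key Management System: stores and serves authentication keys
    def __init__(self):
        self.keys = {}
    def new_key(self, key_id):
        self.keys[key_id] = secrets.token_bytes(32)
        return self.keys[key_id]

class SED:
    """Media key stays inside the drive and is usable only while unlocked."""
    SECTOR = 32                 # toy sector size, equal to the PRF output length
    def __init__(self):
        self.mek = secrets.token_bytes(32)   # media encryption key
        self.wrapped, self.check, self.media = None, None, {}  # media: lba -> ciphertext
    def enroll(self, auth_key):              # assumption: media key is wrapped under the auth key
        self.wrapped = xor(self.mek, prf(auth_key, b"wrap"))
        self.check = prf(self.mek, b"check")
    def power_cycle(self):                   # an enrolled drive comes back locked
        if self.wrapped:
            self.mek = None
    def unlock(self, auth_key):
        mek = xor(self.wrapped, prf(auth_key, b"wrap"))
        ok = hmac.compare_digest(prf(mek, b"check"), self.check)
        if ok:
            self.mek = mek
        return ok
    def io(self, lba, data=None):            # write when data is given, then read the sector
        if self.mek is None:
            raise PermissionError("drive locked")
        pad = prf(self.mek, lba.to_bytes(8, "big"))
        if data is not None:
            if len(data) > self.SECTOR:
                raise ValueError("data exceeds sector size")
            self.media[lba] = xor(data.ljust(self.SECTOR, b"\0"), pad)
        return xor(self.media[lba], pad)

class StorageSystem:            # authenticates with the key source, passes the key to the drive
    def __init__(self, key_server, drive, key_id):
        self.ks, self.drive, self.key_id = key_server, drive, key_id
    def provision(self):                     # new key requested, generated, passed to the SED
        self.drive.enroll(self.ks.new_key(self.key_id))
    def boot(self):                          # after power-up: fetch the key and unlock the SED
        return self.drive.unlock(self.ks.keys[self.key_id])
```

Reads return the sector zero-padded to 32 bytes; a drive moved to a system that cannot reach the key server raises `PermissionError` on every I/O.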
Benefits of the Storage Security System
• Inherently Scalable
– Scales with increasingly rich, unstructured data
• Everything is encrypted
– No performance penalty
– Transparent to end user
• Standards-based / Unified key management
– Works with all types of storage devices
– Multiple sources, interoperable
Self-Encrypting Drives…
We The People of the United States of America