Last updated: 16 May 2016
This post originally appeared on SafeNet’s The Art of Data Protection blog prior to Gemalto’s acquisition of SafeNet.
Today, SafeNet announced its entrance into the storage security market with Safenet StorageSecure, a unique storage encryption solution developed in partnership with storage and data management leader, NetApp. To learn more about the partnership and how StorageSecure fits into the NetApp product portfolio, I sat down with NetApp’s Mike Wong, a technical marketing engineer and acting product manager responsible for NetApp storage security solutions.
Q: How did NetApp get into the encryption game?
A: NetApp customers store their most valuable data on our equipment and we’ve always believed in providing the strongest security technologies available. Integrated data protection is critical to achieving 100% accessibility to critical data. This is a hallmark of what we call an Agile Data Infrastructure. In 2005, NetApp acquired Decru, whose flagship products were storage encryption solutions, and I actually came on board in that acquisition. As part of NetApp, we’ve developed innovative ways to protect data at rest, and we’ve also looked to foster partnerships with industry leaders who complement our solution delivery. One of these partners is SafeNet. SafeNet has demonstrated leadership in the encryption and key management space, and has been able to help take our encryption product line to the next level. The new offering is strong and builds on the success we had, providing continuity for our customers who understand the value of encrypted storage.
Q: So what solutions are available today from SafeNet and NetApp?
A: We currently have KeySecure and StorageSecure. KeySecure is a key manager, and the successor to NetApp LKM appliance. StorageSecure is an Ethernet-based encryption solution that is the successor to DataFort. The SafeNet StorageSecure appliance brings a number of improvements to the original platform. For example, where DataFort was available only in 1 GbE, StorageSecure has both a 1 GbE and a 10 GbE model to handle the increasing data storage needs of our customers today. KeySecure is able to store and manage keys for not just StorageSecure, but a plethora of other encryption products which support the Key Management Interoperability Protocol (KMIP).
The way I like to explain the product interaction between SafeNet and NetApp is that NetApp is the storage at the end of the data path, the customer is the host, and StorageSecure sits in between to encrypt information at the storage level, and then decrypt data at the host level. NetApp is the storage vendor and SafeNet offers products to help our customers protect that storage.
Q: What are some of the common use cases where organizations would need encrypted storage?
A: One of the biggest use cases for encrypted storage is virtualization, which is an area of expertise for NetApp. Many service providers want the ability to compartmentalize their storage systems to offer multi-tenancy. In the old paradigm, if a storage provider had customers A, B and C – who may all be competitors – they would need three separate systems to ensure separation of data. Now, providers are able to combine systems and compartmentalize with virtual storage running a single system. From the customer’s point of view, it looks like they have a separate, dedicated storage system, but really it’s just a virtual environment running on one central machine.
The financial sector has always been keen on encryption. Banks, for example, have been interested for a long time and are using encrypted storage. There’s also been a resurgence in the healthcare industry. This past year, numerous healthcare organizations have been asking for encrypted storage for HIPAA and HITECH compliance.
Many service providers tell me that their customers in other industries are coming to them and asking for encryption options, primarily for regulatory compliance such as PCI and California SB 1386. California SB 1386 was the first regulation requiring companies to notify customers if their personal information had been breached – unless that information was encrypted. By last count, at least 46 states have adopted similar notification laws, which is driving up demand for encrypted storage. Especially for high-profile companies, encrypting data is a form of brand protection because now those companies can say, “Yes, we had a breach, but they didn’t get anything because your data was encrypted first.”
Q: What’s unique about StorageSecure and how does that help NetApp customers?
A: The unique thing about StorageSecure is that its encryption is so granular. Storage admins are able to enforce policies, compartmentalize, and separate data in ways that no one else is able to today. StorageSecure provides granular encryption for data at rest, encrypting at the CIFS and NFS level. Storage providers have the choice to able to encrypt at the vFiler level so the entire volume is encrypted, or simply shares within the virtual construct. NetApp customers such as ISPs are now able to offer their clients different tiers of storage, depending on whether they want just compartmentalized storage, or compartmentalized and encrypted storage.
It’s a solution that is relevant for both new and existing customers, and one that fills a real need in the marketplace. We’re seeing a lot of net new opportunities with organizations needing a new storage platform and they can buy encrypted storage from NetApp. But the StorageSecure works with a variety of existing storage systems, so even if organizations have significant investments in existing storage and need encryption immediately, StorageSecure can fill that need.
Q: Where can people go to find out more about StorageSecure and NetApp storage solutions?
A: Both NetApp and SafeNet will be at VMworld next week, so attendees can stop by either of our booths for information. NetApp is at booth 1402 and SafeNet is at booth 1901. I’ll actually be presenting in the SafeNet booth at 3pm on Monday and Wednesday about securing storage in virtual environments. We also have several digital resources available on the web. My sessions will be posted to NetAppTV and NetApp.com is always a fantastic resource.
For information on NetApp’s integration with SafeNet StorageSecure, visit http://www.netapp.com/us/products/storage-security-systems/storagesecure-encryption/, and for information on their integration with SafeNet KeySecure visit http://www.netapp.com/us/products/storage-security-systems/key-management/keysecure/.