Bloombase Turnkey Data At-Rest Security Compliance Solution for EMC Celerra
SOLUTION OVERVIEW

EMC CELERRA WITH BLOOMBASE SPITFIRE STORESAFE

ESSENTIALS

• Bloombase Spitfire StoreSafe is an industry-proven solution for immediate security compliance of various standards including HIPAA, PCI DSS, SB 1386, SOX, and more
• Bundled Spitfire KeyCastle enables automated initial migration of EMC Celerra contents, rekey, and full lifecycle management of cryptographic keys
• A web-based management console, command line interface console, and SNMP offer total, simplified management
• Unlike proprietary dedicated hardware with a high entry price, Bloombase Spitfire assumes a pay-as-you-go licensing model to help reduce your initial investment
• To maximize ROI, a single Bloombase Spitfire StoreSafe product:
  – Enables multiple storage hosts and applications to produce and consume secured at-rest data
  – Supports multiple EMC Celerra LUNs, file servers, and shares
  – Supports both file- and block-based protection for CIFS, NFS, and/or iSCSI EMC Celerra storage resources

Electronic business data represents an invaluable core asset of today’s enterprises and organizations. Enterprise customers are concerned about being able to manage and use sensitive information to optimize day-to-day business operations, while protecting it and satisfying information privacy compliance needs—without the expense of drastic system change and performance degradation.

The Bloombase Spitfire data-at-rest solution offers advanced security capabilities for a reliable, application-transparent, cipher-text information storage infrastructure. Its tamper-proof hardware encryption key security module ensures confidentiality and integrity throughout its whole lifecycle. Bloombase Spitfire Cryptographic Module is NIST FIPS 140-2 certified, providing FIPS-approved RSA and AES cryptographic algorithms, together with non-FIPS ciphers including Camellia, SEED, 3DES, Twofish, Blowfish, etc.

Sensitive persistent data is stored securely as cipher-text in EMC® Celerra®. The encryption and un-encryption processes are automated by re-routing storage paths via the Bloombase Spitfire StoreSafe Security Server cluster, which provides virtual plain contents to authorized hosts and applications.

EMC Celerra storage targets are accessed by iSCSI, CIFS, and/or NFS storage protocols via Bloombase Spitfire StoreSafe Security Servers. Ciphered sensitive information is stored in the EMC Celerra storage system for centralized management. Only authorized access of virtual-plain information, by trusted applications and systems, per access rules and security profiles governed by Bloombase Spitfire StoreSafe encryptors, is permitted. Application data files, directories, and storage volumes are protected by strong encryption offered by Bloombase Spitfire StoreSafe virtual storages, enabling application servers to achieve various information privacy compliance standards immediately and effectively.

SOLUTION ARCHITECTURE

The Bloombase Spitfire data-at-rest encryption solution offers wire-speed, on-the-fly encryption and un-encryption of storage data in an EMC Celerra network-attached storage (NAS) system. It requires minimum change in the application tier by dropping in Spitfire StoreSafe security servers in the storage paths. The Bloombase Spitfire High Availability Suite brings together dual Spitfire security servers as a cluster so that when the active node fails, the backup node picks up and maintains non-stop, mission-critical service at complete storage and host transparency, requiring minimal operator attention.

Extending to the disaster recovery infrastructure, storage cipher-texts at the primary site are replicated in their natural encrypted form over a private network to a backup storage system at a secondary site, and secured by a replica of Bloombase Spitfire StoreSafe and KeyCastle servers. As storage contents reside on EMC Celerra in their native ciphered form, data backup done over the physical storage resources is inherently encrypted, immediately satisfying secure archival needs.

The easy-to-manage Bloombase Spitfire storage security solution helps organizational customers enforce data confidentiality for storage, which improves overall system security, enables fast key rotation, reduces user workflows, segregates data ownership from administration and operation, and enhances efficiency and internal controls.

Figure 1.

RESULTS

• A TPC-C-based database benchmarking test is carried out on a sample database stored in an EMC Celerra secured by a Bloombase Spitfire StoreSafe storage security solution.
• TPC-C-like queries (with EMC Celerra read, Bloombase Spitfire unencryption) and updates (with Celerra write, Bloombase Spitfire encryption) are generated and applied to simulate workload on the EMC Celerra/Bloombase Spitfire setup.

Figure 2. TPC-C queries

• For TPC-C queries, Bloombase Spitfire StoreSafe encrypted database server stored in EMC Celerra recorded a nine percent drop in throughput, compared to 31 percent for host-based and 64 percent for column-based.