Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
StoreSafe and KeyCastle servers. As storage contents reside on EMC Celerra in their nativeciphered form, data backup done ...
Figure 3. TPC-C inserts and update                                                     • For TPC-C inserts and updates, Bl...
Upcoming SlideShare
Loading in …5

Bloombase Turnkey Data At-Rest Security Compliance Solution for EMC Celerra


Published on

Bloombase Turnkey Data At-Rest Security Compliance Solution for EMC Celerra

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Bloombase Turnkey Data At-Rest Security Compliance Solution for EMC Celerra

  1. 1. BLOOMBASE TURNKEY DATA-AT-RESTSECURITY COMPLIANCE SOLUTIONFOR EMC CELERRA EMC CELERRA WITH BLOOMBASE SPITFIRE STORESAFE ESSENTIALS Electronic business data represents an invaluable core asset of today’s enterprises and organizations. Enterprise customers are concerned about being able to manage and use • Bloombase Spitfire StoreSafe is an sensitive information to optimize day-to-day business operations, while protecting it and industry-proven solution for immediate satisfying information privacy compliance needs—without the expense of drastic system security compliance of various standards including HIPAA, PCI DSS, SB 1386, SOX, change and performance degradation. and more The Bloombase Spitfire data-at-rest solution offers advanced security capabilities for a reliable, • Bundled Spitfire KeyCastle enables application-transparent, cipher-text information storage infrastructure. Its tamper-proof automated initial migration of EMC Celerra hardware encryption key security module ensures confidentiality and integrity throughout contents, rekey, and full lifecycle its whole lifecycle. Bloombase Spitfire Cryptographic Module is NIST FIPS 140-2 certified management of cryptographic keys providing FIPS-approved RSA and AES cryptographic algorithms, together with non-FIPS • A web-based management console, ciphers including Camellia, SEED, 3DES, Twofish, Blowfish, etc. command line interface console, and SNMP offer total, simplified management Sensitive persistent data is stored as cipher-text securely stored in EMC® Celerra®. The • Unlike proprietary dedicated hardware encryption and un-encryption processes are automated by re-routing storage paths via with a high entry price, Bloombase Spitfire Bloombase Spitfire StoreSafe Security Server cluster providing virtual plain contents to assumes a pay-as-you-go licensing model authorized hosts and applications. to help reduce your initial investment • To maximize ROI, a single Bloombase EMC Celerra storage targets are accessed by iSCSI, CIFS, and/or NFS storage protocols via Spitfire StoreSafe product: Bloombase Spitfire StoreSafe Security Servers. Ciphered sensitive information is stored in – Enables multiple storage hosts and the EMC Celerra storage system for centralized management. Only authorized access of applications to produce and consume virtual-plain information, by trusted applications and systems, per access rules and security secured at-rest data profiles governed by Bloombase Spitfire StoreSafe encryptors is permitted. Application data – Supports multiple EMC Celerra LUNs, file files, directories, and storage volumes are protected by strong encryption offered by servers, and shares Bloombase Spitfire StoreSafe virtual storages, enabling application servers to achieve – Supports both file- and block-based various information privacy compliance standards immediately and effectively. protection for CIFS, NFS, and/or iSCSI EMC Celerra storage resources SOLUTION ARCHITECTURE The Bloombase Spitfire data-at-rest encryption solution offers wire-speed, on-the-fly encryption and un-encryption of storage data in an EMC Celerra network-attached storage (NAS) system. It requires minimum change in the application tier by dropping-in Spitfire StoreSafe security servers in the storage paths. The Bloombase Spitfire High Availability Suite brings together dual Spitfire security servers as a cluster so when active node fails, backup node picks up and maintains non-stop, mission-critical service at complete storage and host transparency, requiring minimal operator attention. Extending to the disaster recovery infrastructure, storage cipher-texts at the primary site are replicated in their natural encrypted form over a private network to a backup storage system at a secondary site, and secured by a replica of Bloombase SpitfireSOLUTION OVERVIEW
  2. 2. StoreSafe and KeyCastle servers. As storage contents reside on EMC Celerra in their nativeciphered form, data backup done over the physical storage resources is inherentlyencrypted, immediately satisfying secure archival needs.The easy-to-manage Bloombase Spitfire storage security solution helps organizational cus-tomers enforce data confidentiality for storage, which improves overall system security,enables fast key rotation, reduces user workflows, segregates data ownership from adminis-tration and operation, and enhances efficiency and internal controls.Figure 1.RESULTS• A TPC-C-based database benchmarking test is carried out on a sample database stored in an EMC Celerra secured by a Bloombase Spitfire StoreSafe storage security solution.• TPC-C-like queries (with EMC Celerra read, Bloombase Spitfire unencryption) and updates (with Celerra write, Bloombase Spitfire encryption) are generated and applied to simulate workload on the EMC Celerra/Bloombase Spitfire setup.Figure 2. TPC-C queries• For TPC-C queries, Bloombase Spitfire StoreSafe encrypted database server stored in EMC Celerra recorded a nine percent drop in throughput, compared to 31 percent for host-based and 64 percent for column-based.
  3. 3. Figure 3. TPC-C inserts and update • For TPC-C inserts and updates, Bloombase Spitfire StoreSafe encrypted database stored in EMC Celerra recorded a 12 percent drop in throughput, compared to 53 percent for host- based and 59 percent for column-based. CONCLUSIONS • Wire-speed encryption performance with least degradation in storage I/O and throughput • Turnkey and proven solution for immediate compliance to stringent information confidenti- ality regulatory requirements, no application change or second development needed • Fast deployment and automated migration versus alternatives’ manual script-based migra- tion approach • iSCSI block-based and CIFS file-based encryption in a single solution • Highly secure NIST FIPS 140-2 level 3 total key management • Highly available and fault-tolerant • Low total cost of ownership ABOUT BLOOMBASE Bloombase develops and markets Spitfire and Keyparc information security compliance solu- tions for enterprises and organizations to address data-at-rest and in-flight threats. Focused on solving the problem of securing enterprise transit and storage data, Bloombase has pio- neered the use of encryption and authentication technologies that fit transparently into any enterprise IT environment. For more information, please refer to CONTACT US ABOUT EMC To learn how EMC products, services, and EMC Corporation is the world’s leading developer and provider of information infrastructure solutions can help solve your business and technology and solutions that enable organizations of all sizes to transform the way they IT challenges, contact your local representative compete and create value from their information. Information about EMC’s products and or authorized reseller—or visit us at services can be found at EMC2, EMC, Celerra, the EMC logo, and where information lives are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. © Copyright 2011 EMC Corporation. All rights reserved. Published in the USA. 01/11 Solution Overview H8568EMC CorporationHopkinton, Massachusetts 01748-91031-508-435-1000 In North America