The ultimate protection
Security meets storage
Encryption is the ultimate protection for sensitive business data, leaving intruders empty-handed even when they manage to skirt firewalls and authentication systems. Fortunately, encryption is supported in just about every OS. Unfortunately, it is still not widely deployed because implementation across different operating systems and storage architectures can be an administrative nightmare, entailing the coordination of developers, security and storage administrators, and end-users across all systems.
A new security appliance from Decru provides a shortcut. The Decru DataFort protects both file-based and block-based storage networks with reliable data encryption, and it does so in a way that's transparent to both applications and users. The DataFort eliminates the need to adjust for different OSes and applications, and it offers a uniform, centralized security-administration environment. Add to that granular configuration options, and you have an encryption system that can be installed and managed with little effort and offers tools to easily close or open the security gates as needed.
For our review, Decru sent a DataFort E440 that encrypts data stored on Ethernet networks such as NAS (network attached storage) appliances or Linux, Unix, and Windows file shares. A different model, the DataFort FC440, provides similar functionality for Fibre-Channel-based storage networks.
Along with the DataFort E440, Decru also sent us a Windows 2000 server, configured as PDC (primary domain controller), which played the double role of file server and management station for the DataFort.
The E440 is a 1U, rack-mountable unit enclosed in a tamper-resistant chassis that includes sensors to detect intrusion attempts; forcing the case open will render the unit inoperable, although each redundant power-supply unit can be removed without affecting operations. Decru provides its own hardened OS that supports 3DES (triple data encryption standard) or AES (advanced encryption standard) encryption with 128- or 256-bit keys.
The E440 acts as a storage proxy that sits between clients and servers, connected via Gigabit Ethernet or standard Ethernet, intercepting and encrypting or decrypting data on the fly. To improve performance, encryption and decryption of data exchanged between servers and clients in the storage network is handled by a dedicated processor.
After setting the IP configuration via a serial connection or from the unit's control panel, the E440 can be managed from a Windows PC via a secure browser connection. Appropriately, the DataFort requires smart cards to authenticate administrative access to the E440 and to the management station, which provides much greater security than simply typing a user ID and password.









