Articles, C2 Spring 2022, Storage

HPE Enterprise Storage, Encryption, Compliance, and Key Management

by Manish Upasani, March 27, 2022

Hewlett Packard Enterprise is known for its enterprise solutions in the storage ecosystem, which store customer data effectively and provide the mechanisms to protect it. There are too many attack vectors that can lead to a successful compromise if not protected against. One of the most important and proven methods to protect internal and external data from falling into the wrong hands is encryption. Almost all solutions offered by HPE offer encryption natively to safeguard customer data.

Apart from safeguarding customer data, encryption is mandated by many regulatory compliance regimes, including PCI, HIPAA, SOX, GDPR, etc., as one of the most important and non-negotiable control measures. In light of these industry best practices and enforcement from regulatory bodies, encryption is now accepted as the de facto strategy for protecting all sensitive data.

But with this ease of safeguarding customer data come some complexities. Encryption moves the responsibility of safeguarding the data to a reduced number of core factors and, if not done correctly, can result in a denial of service or compromise and hefty penalties with a loss of revenue.

What can go wrong!

There are many outside (and inside) threats to your data. Hacking, phishing, malware, ransomware, data leakage, and cloud computing, just to name a few. Attackers have become more and more sophisticated, which means that protection methods need to evolve in order to stay ahead of these threats.

Encryption will protect your data, right?

The answer to that question is not a simple yes or no; it relies on a well-established security posture and a set of practices to which the organization needs to adhere.
Encryption is built on secure algorithms, which in turn require secure key management to protect the data. That raises some critical questions that need to be addressed:

- Who has gained access to the keys?
- Where are the keys stored?
- Are they safeguarded against prying eyes?
- Am I using a unique key for each asset protected or are they being reused?
- Is the access to the keys audited?
- Do we have separation of duties and keys when stored?

The Key to Enterprise Data Security

The end goal is to ensure that “the right key is made available to the right asset at the right time and log the usage”. To make this a seamless process, a dedicated entity to manage the encryption keys is a necessity. These requirements bring in the concept of a key manager: a dedicated, certified, secure, audit-controlled appliance that gives you peace of mind while protecting the keys to your kingdom.

Key management usage continues to rise

Enterprises have realized the need for key management. The market was valued at $1,451 million in 2020 and is now expected to reach $5,456 million by 2026, at a CAGR of 20.7%. (Source: Globenewswire.com). The volume of data created, used, and stored worldwide is expected to grow to 181 Zettabytes by 2025, which means an increase of approx. 129% in comparison to the volume of data in 2021. Needless to say, this data needs the right protection.

Also, with the adoption of cloud, data is no longer confined to the boundaries of an organization but is going places. When you place your data in a public cloud, nobody knows where it lives or has a way to control it. Almost all Cloud Service Providers (CSPs) are coming up with different techniques to offer data encryption while the customers remain in charge of the keys.
For example:

- Microsoft Double Key Encryption
- Google External Key Manager integration
- BYOK supported by almost all CSPs

Let’s assume that an organization has done a good job in protecting itself against threats and is using key management. Even with key management in place, should a key become compromised, the organization may never know it until it has been exploited by the attacker. Weak keys, incorrect use of keys, non-rotation of keys, and inappropriate storage of keys are just a few of the challenges organizations face even with key management. The answer then is to mitigate these underlying threats with secure and sophisticated key management.

What does a key management solution look like?

As enterprises today use thousands, and even millions, of encryption keys and the storage of these keys becomes more and more tricky, the number one challenge that a key manager should solve is to provide a centralized storage solution for these keys. Other than storage, it should also provide the highest level of security: tamper responsiveness and industry certifications like FIPS. It should also meet audit, compliance, and other regional mandates. It should use automation to generate keys, renew, and rotate them. As not all employees need access to the keys, the key manager should provide role-based access to keys. All of these features are included in a low-maintenance, simple-to-adopt solution.

The vast majority of enterprises are now employing a multi-vendor strategy, hence the key manager of choice needs to be able to integrate with all relevant vendors, making interoperability essential. As the organization grows, the key manager needs to be scalable and highly available to avoid a single point of failure.
With the adoption of cloud, another consideration is a multi-cloud key manager that can safeguard keys when deployed in the cloud but provides an option to integrate with a centralized root-of-trust Hardware Security Module (HSM), which can be placed on-prem or in the cloud.

How does Utimaco’s ESKM add value to HPE’s data storage solutions?

Traditionally a part of HP/E’s storage ecosystem, the Utimaco Enterprise Secure Key Manager (ESKM) appliance is a complete solution for generating, storing, serving, controlling, and auditing access to data encryption keys. ESKM is the key manager of choice and integrates with the entire HPE ecosystem. In a nutshell, wherever HPE stores and encrypts the data, ESKM helps to safeguard the underlying business-critical and sensitive encryption keys.

ESKM is:

Secure
- Meets NIST standards and allows protection at all Levels of Federal Information Processing Standard – 140-2 (Level 1, 2, 3 & even Level 4)
- Encrypts keys in transit and at rest
- Certificate-based authentication and built-in CA

Manageable
- Configuration and keys replicated across cluster automatically
- Hands-off administration, automated backups, and audit logging
- Deploys as a Virtual Machine or Physical Appliance
- Integrates with Utimaco CryptoServer as a root-of-trust

Available
- Scales with thousands of nodes in an Active-Active cluster
- Automatic key replication, client failover
- Highly redundant hardware

Scalable
- Geographically separated clusters across datacenters
- Supports thousands of clients, and millions of keys

Interoperable
- Supports OASIS KMIP (Key Management Interoperability Protocol)
- HPE native KMS protocol
- REST API for Key management and crypto operations
- No vendor lock-in
- Custom integrations using SDK

All these benefits are available across the board, irrespective of the storage in use or even when using non-HPE assets like VMware for virtualization or MySQL to store your data.
The right key manager must offer the broadest integration portfolio, and Utimaco ESKM leads the space with its integrations in the storage space.

Conclusion

HPE provides robust data storage and compute platforms to store enterprise data, and Utimaco ESKM stands with HPE to safeguard these assets while protecting the encryption keys in a secure and FIPS 140-2 compliant fashion. Visit our website to learn more about the most interoperable and integrated Key Manager in the market.

C2 Summer 2021, Editors' Picks, Storage
Why should you care about Unified DataOps – Tom Black talks to Calvin Zito about the new data vision
by Calvin Zito, June 15, 2021
On May 4th, HPE Storage made a massive announcement. Leading up to it, I had a blog post with a video that talked about it being the biggest thing I’ve worked on in my 30+ years in HPE Storage. It’s true. There’s a shift that I think is happening …

Articles, C2 Summer 2021, Education and Training, Storage
New look. New brains. All the tools!
by Dale Rensing, June 15, 2021
The HPE DEV team is excited to present its revamped HPE Developer Community web portal. Featuring a fresh look and feel, with easier navigation, it provides the resources you need to design and build software experiences that harness the most value from your data. With a new backend system …

Articles, C2 Spring 2021, Storage
Around The Storage Block
by Calvin Zito, March 23, 2021
I had a really hard time deciding on just one thing to talk about in my quarterly article – there’s been a lot happening in storage and I didn’t want to miss the chance to tell you about it all. So this article will be a bit of a …

Articles, Storage, Winter 2020
HPE Storage 2020 Year in Review
by Calvin Zito, December 8, 2020
How do you look back at 2020 to find highlights in what has been probably the toughest year for all of us? Let’s face it, it’s been a tough year. It’s been tough on customers. It’s been tough on vendors. It’s been tough all over. But despite the mess …

Editors' Picks, Security, Storage, Winter 2020
A Workplace Paradigm Shift: Building Resilience in Our Workforce and Systems with HPE GreenLake
by John Sroka, December 8, 2020
When the coronavirus pandemic forced everyone out of offices, IT teams scrambled to obtain the necessary hardware and additional software licenses necessary to support entirely remote operations. At the same time, they had to match users’ present and future needs with the appropriate infrastructure. That, combined with many other …

C2 Fall 2020, Storage
Around The Storage Block
by Calvin Zito, September 22, 2020
We spend a lot of time and energy talking about HPE Primera and HPE Nimble Storage – for good reason as I really believe they are the best one-two punch of mid-range and Tier-0 mission critical storage in the industry.

C2 Summer 2020, Storage
Around the Storage Block
by Calvin Zito, June 23, 2020
Leading up to the HPE Discover Virtual Experience we had big news. We just announced some pretty exciting primary storage updates that center on Advancing Intelligence, Mission-Critical DR, Accelerating Apps, and On-Demand Automation. HPE Nimble Storage and HPE Primera are our stars of the day, and I have two ways for …

Spring 2020, Storage
How Intility uses HPE Primera intelligent storage to move to 100 percent data uptime
by Dana Gardner, March 24, 2020
The next BriefingsDirect intelligent storage innovation discussion explores how Norway-based Intility sought and found the cutting edge of intelligent storage. Stay with us as we learn how this leading managed platform services provider improved uptime — on the road to 100 percent — and reduced complexity for its end …

Fall 2019, Storage
Around The Storage Block
by Calvin Zito, September 24, 2019
In this abbreviated article based on an Around the Storage Block blog post, my colleague Simon Watkins looked at what customers said about HPE StoreOnce. There were too many quotes to include in my article so be sure to read the article on ATSB to see everything that was …