Header-Banner

StorageSecure: Storage Encryption and Security

Self-contained NAS hardware encryption appliance

StorageSecure: Storage Encryption and Security

storage-secure-tn

StorageSecure is all-inclusive, secure hardware NAS storage encryption solution

Download Product Brief

StorageSecure is an all-inclusive, secure hardware storage encryption solution that connects to 1 Gb or 10 Gb Ethernet networks over CIFS and NFS and protects shares, folders and files on any NAS filers regardless of vendor. StorageSecure encrypts information based on defined business policies and securely stores the information without impacting ongoing operations or reducing information availability.

StorageSecure securely stores all encryption keys and their associated parameters within hardware. Keys can also be shared with SafeNet KeySecure centralized key management solution that securely stores StorageSecure keys but also other heterogeneous encryption keys for truly centralized key management.

Storage Security Features Offered by StorageSecure:

Granular Data Level Protection

Our storage encryption solution, StorageSecure, protects data at rest at the share/folder/file level. By providing granular data level protection, instead of enforcing an all or nothing protection, organizations are able to enforce data-specific authorization based on user privileges, job responsibilities, and data location.

Ensures Compliance with Legislative and Regulatory Mandates

StorageSecure Use Case Icon

Protecting sensitive data at rest is fundamental in ensuring compliance. StorageSecure ensures that sensitive data will be encrypted and rendered unreadable to unauthorized users even as it moves across the different storage tiers, including operations and staff who need to manage the systems but not access the data. Once data is encrypted, it remains encrypted through its lifecycle without any additional intervention.

Backup, replication, and snapshotting applications that work on files on the NAS filers all continue to function exactly as before while the underlying data remains encrypted.

Privileged User Access and Separation of Duties

StorageSecure Icon

StorageSecure augments existing access controls defined in Microsoft AD, LDAP, NIS and allows enterprises to strengthen these controls for users and administrators by building upon previously defined identity and access management controls, creating stronger separation of duties.  In this way, StorageSecure protects against rogue users and administrators.

Highly Secure and Easy to Deploy

StorageSecure for Storage Encryption Icon

StorageSecure is a “self-contained” appliance. There are no changes to the storage devices, no agents to install, and more importantly, the user does not need to change their daily operations. StorageSecure is placed within the network on an Ethernet connection, configured based on data/information value and user access controls. Data is automatically encrypted and decrypted within the hardware appliance.

Integrated with KeySecure for Automated and Centralized Key Management

StorageSecure Icon

By combining StorageSecure and SafeNet KeySecure, organizations are able to enforce more robust data access and key management controls while eliminating lost and stolen keys and preventing information access. KeySecure can host backup keys to StorageSecure devices for disaster recovery and maintain a key archive for all deployed and purged keys.

StorageSecure and NetApp Snapshot Solution Brief StorageSecure and AWS Storage Gateway Solution Brief
View Specifications Resource Library

StorageSecure Centralized, High-Performance NAS Encryption

Hardware

Rack Mountable

Standard 19" EIA rack (2U height)

Size

17.4" W x 19" D x 3.5" H (44.2 cm W x 48.3 cm D x 8.9 cm H)

Weight

20.0 lbs. (9.1 kg)

Universal AC Input

100-240V ~47-63 Hz, 5A

Hardware Security

NIST FIPS 140-2 level 3 compliant (in process)

  • Anti probing baffles prevent access to device internals.
  • Tamper evident seals indicate if tampering has occurred
  • Tamper switches automatically zeroize key material if activated
  • ZEROIZE button manually zeroizes key material

Rear Points

s220: 1 GbE interfaces using SFP connectors, one for the client side network and the other for the storage side network

  • 1000BASE-T ROHS RJ-45 connector
  • 1000BASE-SX LC connector Multi-mode fibre850 nm
  • 1000BASE-LX LC connector Single-mode fibre1310 nm

s280: 10 GbE interfaces using SFP+ connectors, one for the client side network and the other for the storage side network

  • 10G Base-SR 300 m Multi-mode fibre 850 nm
  • 10G Base-LR 1000 m Single-mode fibre1310 nm

Front LCD

Power, Secure traffic/Management port, Client side network, Storage side network, Unit alarm, Power alarm, Environmental alarm, Smart card reader

Smart Card

1 smart card reader

Hardware Redundancy

2 redundant/hot-swappable power supplies, 2 variable speed fans

Clustering and Failover

Clustering for full redundancy and automatic failover – Clustered StorageSecure appliances share critical configuration information to provide failover and manual load balancing support for the network.

Security

Encryption

FIPS-PUB 186: AES-256 (Advanced Encryption Standard with 256-bit keys) – PRNG implemented using FIPS 186-2:  (General Purpose;  X-Change Notice; SHA-1).  Uses the SafeXcel 1746 crypto-device TRNG for providing entropy to seeding the PRNG

Operating System

Highly customized, hardened OS

Configurable Security Policy

Fully customizable security settings

Crypto-Shredding

A single command will zeroize all keys, effectively making access to encrypted data impossible

Authentication

Administrator

User name/password for device management. An additional hardware authentication token is required for access to functions such as key and data recovery, key sharing, and clustering operations. Multi-person quorum-based authentication for sensitive security operations such as recovery, initialization, and establishing trusted relationships may also be implemented

Management

Management Platform

  • Manage all StorageSecure and KeySecure appliances from a single management console
  • Management console uses optional two-factor authentication with role based administration

Supported Protocols

  • CIFS
  • NFS
  • iSCSI
  • FTP, TFTP
  • HTTP

Supported Directory Services

  • Microsoft Active Directory
  • LDAP
  • NIS
  • Radius

StorageSecure Management Console

Graphical user interface (GUI) available via web browser that is capable of high-grade 128-bit encryption. JavaScript must be enabled to access all functionality available through the management console.

Command Line Interface (CLI)

Command line interface (CLI) available over SSH or directly through the serial console port

SNMP

SNMP v1, v2c, and v3

Logging and Audit

Cryptographically signed tracking of key events. Configurable audit trail with local and remote (syslog) logging.

Environment

Operating Temperature

32°F-104°F (0°C to 40°C)

Operating Humidity

20 to 80% RH @ 40° C operating temperature

Operating Altitude

0 to 1650m AMSL

Safety and Compliance

Safety

Canada

CSA 60950 - 1

United States

UL 60950 - 1

Japan

IEC 60950 -1

European Community

EN60950, TUV R 2845

Electromagnetic Compatibility (EMC)

Canada

ICES-003 Class B

United States

FCC Class B

Japan

VCCI Class B

Korea

RRL Class B

European Community

European Community CE (EN55022 Class B, EN55024, EN61000-3-2 Class A, & EN61000-3-3)

Australia/New Zealand

AS/NZS 3548 Class B

International

IEC 6095 0-1
StorageSecure and NetApp Snapshot Solution Brief StorageSecure and AWS Storage Gateway Solution Brief
View Features & Benefits Resource Library
StorageSecure Icon

Ease of Deployment. SafeNet StorageSecure offers a seamless, non-disruptive deployment that drops into the network between clients and servers, linking them with a high-speed cryptographic path. There are no hosts to configure or software to install. Our storage encryption and security solution, StorageSecure, is ready to encrypt and secure storage transparently without any impact on user experience.

Centralized Policy and Key Management. SafeNet StorageSecure is a part of the Data Encryption and Control offering, such that it is fully integrated into the SafeNet Crypto foundation, including SafeNet KeySecure for key management and data access control policy management. Centralized key management eliminates lost and stolen keys preventing information access. KeySecure can host backup keys to StorageSecure devices for disaster recovery and maintain a key archive for all deployed and purged keys.

Redundancy and High Availability. SafeNet StorageSecure appliances can be clustered with all keys, policies, and configuration information automatically synchronized between cluster members. If one appliance goes offline, the second appliance automatically takes over the combined workload, ensuring that vital encrypted data is always available when needed.

Administration and User Access Controls. SafeNet StorageSecure provides the ability to integrate with user common directory services, such as LDAP, Microsoft AD, and NIS to incorporate existing user access and authentication controls. An additional layer of dual authorization control can be defined within the StorageSecure administration console to further restrict access to sensitive data stored in the storage arrays.

Segregation of Data. Whether used for virtual environments, multi-tenancy, or separation of duties, StorageSecure ensures isolation and granular access to protected data.

Quick and Secure Data Destruction. SafeNet StorageSecure, along with SafeNet KeySecure key management solution, ensure that stored sensitive data has been rendered unreadable in the event the storage appliance needs to be repurposed or the data needs to be destroyed.

StorageSecure and NetApp Snapshot Solution Brief StorageSecure and AWS Storage Gateway Solution Brief
View How To Buy Resource Library

Use this form to contact sales now.

Americas
Phone: 866-251-4269
Complete this short form
EMEA
Phone:+44-01276-608000
Complete this short form
APAC
Phone: 866-251-4269
Complete this short form

US Federal Sales Type 1
Phone: 443-327-1235
Complete this short form

 

Office Locations
Find a Partner
Order Inquiries? View contact information here.
View Overview Resource Library
CTA - Benefits of Migrating to Storage WP
CTA - StorageSecure