Voltage Securestorage: Protecting Sensitive Data-At-Rest

Product Flyer Security

Voltage SecureStorage: Protecting Sensitive Data-at-Rest In an era of complex privacy laws and compliance requirements, keeping sensitive data secure in a data storage environment is a high priority for IT departments. Sensitive data can contain customers’ personal data, partner information and intellectual property. Lost or stolen data, especially customer information, can re- sult in loss of trust, brand damage and competitive disadvantage.

Benefits Enterprises are storing and accumulating large the native Linux dm-crypt along with Voltage ■ Full data-at-rest protection from physical loss volumes of sensitive information in Hadoop Stateless Key Management to protect data ■ Secures Linux volumes on premises and in and cloud applications, where the data is of- stored on Linux volumes. Also included is sup- the cloud ten replicated and stored in multiple areas and port for Transparent Data Encryption (TDE) in ■ Meets compliance and audit requirements for accessible to a wide range of business sys- Hadoop, enabling granular access control for logging, authentication, authorization and tems, users and partners. Hadoop and cloud data-at rest. stateless key management are inherently insecure and pose many unique ■ Delivers infrastructure to enable an easy step challenges to properly securing data within SecureStorage protects against data loss in to data-centric encryption and tokenization these environments. Enterprises need to make the case of media theft removal and hardware with SecureData certain that sensitive data is encrypted so it is repair which often occurs in Hadoop, and large ■ Eliminates the need for key storage, management protected at rest, especially with the reduced data stores due to frequent disk repairs and and protection of keys and enables use of physical and logical access controls of many swapouts. SecureStorage provides a secure existing policy and access controls environments. Encryption at the storage level way to maintain control of the data by incor- Enables storage encryption with data-centric ■ protects physical, virtual and cloud-based security, central policy controls and key porating stateless key management in which management for heterogeneous environments Linux volumes while enforcing security policies the key is never persisted or written to the disk. surrounding data access. Encryption keys are derived as needed, and all key requests are logged. This protects against Fully securing the enterprise environment unauthorized authentication of the key request is essential to mitigate potentially huge data to personnel who may have physically obtained vulnerabilities. High performance data-at-rest the disk from being able to read any data from it. protection with volume encryption combined This is a useful control when there are frequent with stateless key management is critical in disk repairs and swap-outs and even in the securing large volumes of sensitive data for event of an unwanted theft. SecureStorage with unwanted access and distribution. Stateless Key Management enables consistent data ownership and control while meeting com- SecureStorage pliance and audit requirements. Data-at-rest Micro Focus® Voltage SecureStorage protects stored in volumes is protected and only autho- sensitive data-at-rest. SecureStorage uses rized machines can access it. Threats to Traditional IT Data Data Security SecureData Data Intrastructure Security Ecosystem Coverage Data-centric Security

Data & Applications Credential Authentication Compromise Management Security gap Middleware/Network Trac Security End-to-end Interceptors SSL/TLS/rewalls Gaps Protection

Security gap Databases SQL injection, Malware Database encryption Contact us at: Security gap www.microfocus.com File Systems Malware, Insiders SSL/TLS/rewalls Like what you read? Share it.

Security gap Storage Malware, Insiders Disk encryption

Figure 1. SecureData provides end-to-end data protection. Although no key is ever stored on disk, encryption and decryption can still occur without any For customers electing to initially use only ■ Automating supervisory or legal user interaction. the SecureStorage data-at-rest option, Micro e-discovery requirements through Focus Data Security also provides the abil- simple application APIs, both native SecureStorage also helps centralize control of ity to grow your capability and expand your and via web services. machines that are authorized to access data protection in the future with SecureData and ■ Maximizing the re-use of access policy on protected volumes. Enterprises can control SecureData Suite for Hadoop. SecureData is infrastructure by integrating easily and manage data access based on the ma- a comprehensive endto-end data protection with identity and access management chine. The advantage of SecureStorage vol- framework that secures data as it is captured, frameworks and dynamically enforcing ume-level encryption versus other tools is that processed, and stored across a variety of data-level access to data fields or partial it uses the same key servers and encryption in- devices, operating systems, databases and fields, by policy, as roles changes. frastructure as SecureData, enabling simplified applications. SecureData is comprised of and consistent key management across the industry-standard, next generation Voltage How SecureStorage Works organization. SecureStorage can be installed Format-Preserving Encryption (FPE), Voltage in the following storage volumes running: Secure Stateless Tokenization (SST), and SecureStorage protects data stored on Linux ■ Ubuntu 12.04 LTS Stateless Key Management technologies. volumes when used in the data-center or cloud environments, including Enterprise ■ RedHat 6.2 Linux servers, and Hadoop. For HDFS (Hadoop Voltage Stateless Key Management: ■ CentOS 6.2 Distributed File System), SecureStorage can Transparent, Dynamic, Role-Based replace the key management service (KMS) ■ SUSE 12 Stateless Key Management securely and provided in Hadoop, with the Stateless Key mathematically derives any key, as required Management solution. This Stateless Key Learn more at by an application, once that application and its Management solution provides a complete www.microfocus.com/securedata users have been properly authenticated and set of capabilities for authentication, authori- authorized against a centrally managed policy. zation, and event logging. Stateless Key Management reduces IT costs and eases the IT administrative burden by: SecureStorage is a solution for managing data ■ Eliminating the need for a key encrypted by dm-crypt through Stateless Key database, as well as the corresponding Management. In a system without Secure hardware, software and IT processes Storage, the keys used by dm-crypt are stored required to protect the database in a file local to the disk. SecureStorage lets continuously or the need to replicate you avoid the risk of storing the keys with the or back up keys from site to site. disk by deriving keys from the SecureData ■ Easily recovering archived data because Key Server. This key is used by dm-crypt to keys can always be recovered. decrypt the partition at volume mount time.

161-000467-001 | H | 01/20 | © 2020 Micro Focus or one of its affiliates. Micro Focus and the Micro Focus logo, among others, are trademarks or registered trademarks of Micro Focus or its subsidiaries or affiliated companies in the United Kingdom, United States and other countries. All other marks are the property of their respective owners.