Cisco and RSA Security are jointly developing security technology to encrypt data at rest first on tape drives and eventually for other types of networked storage media.
Executives said the two firms plan to integrate Cisco's MDS 9000 Storage Media Encryption (SME) and RSA's Key Manager technologies. The latter tool will be used to provide the centralised key management and key provisioning capabilities for Cisco networks. The initial release of the jointly built offering will ship later this year, said Rajeev Bhardwaj, director of product management at Cisco.
A subsequent release of the co-developed product will address heterogeneous storage array encryption, Bhardwaj noted.
The companies announced the joint effort at a press conference at EMC World, the user conference of RSA's parent company, EMC.
Customers will add the encryption technology to Cisco-based storage-area networks by inserting a jointly developed line card into Cisco server chassis. The card will initially enable the encryption of tape drives; future versions will be able to encrypt data stored on virtual tape media, disks and other storage devices anywhere in a SAN without any rewiring or configuration changes.
Changes like that are necessary in order to use data protection appliances that include encryption capabilities, said Bhardwaj. Such appliances are available from Neoscale Systems, Vormetric and Network Appliance's Decru unit.
"If I want to bring encryption into a SAN [via an appliance], I have to attach the appliance, I have to rewire the SAN and change zoning so the appliance can talk to a tape library or disk," said Bhardwaj. "From our perspective, with encryption as a service, you install the line card and with the flip of a switch you say, 'This backup server encrypts this tape'."
Dismissing concerns over whether the encryption technology will cause storage performance degradation, Bhardwaj said the line card will provide 10 Gigabit/s of encryption throughput.
Additionally, the RSA-bred encryption technology will support an API for key management, he noted. This will allow end users to implement policies for managing Cisco's encryption keys for stored data across their backup, disaster-recovery and archiving systems. Cisco SME technology will integrate with backup systems from any vendor, he noted.
An alarming number of high-profile data breaches and mishaps involving lost data is fostering a greater need for large organisations to establish unity between storage and security efforts across network and IT architecture, according to a Taneja Group study released on Monday.
EMC and Cisco officials acknowledged that the agreement is non-exclusive. Neither company would say whether similar deals with outside partners are planned.
While neither party offered specific dates for when users could expect encryption technology to secure data at rest on storage disk and virtual tape media, Rajeev did say that eventually the functionality and will spread across Cisco's product line to smaller form-factor switches and other parts of its commercial efforts.
For more information, our sister site Techworld has a comprehensive network security resource page.