IBM 'Deadbolts' Internal Storage

IBM is claiming the ability to deadbolt” data by building encryption capabilities into internal server storage.

This week the vendor announced a RAID adapter card for encrypting hard drives on its SystemX servers. IBM claims that this will help users avoid headline-grabbing data breaches, such as the recent incident with a Royal Bank of Scotland computer containing customers’ personal data was sold on eBay.

"In many cases, customers will leave whatever organization has lost their data because they have lost confidence in them," says David Rasmussen, a director at IBM, explaining that the adapters can lock down data. "Once that data is encrypted, it can’t be compromised, whether the drive is improperly disposed of, or stolen."

The MR10is adapter card uses chip technology from LSI to encrypt data on the server hard-drives, and is being aimed particularly at SMBs and large enterprises that may not rely on external storage such as tape libraries.

IBM, for example, like its rival Sun, offers encryption built into its tape drives, although Rasmussen explains that smaller firms often need other methods to secure their data."For the large enterprises that consolidate in a large data center, the data center tends to be more secure," he says, adding that many SMBs are rethinking their security strategies. "It has been a concern for SMBs for some time -- we are seeing that [security spending] increase even in emerging markets."

The exec adds that encrypting data on internal server storage removes the need for firms to destroy their hard drives, a common occurrence in these increasingly paranoid times.

“As you know, many customers will crush hard drives to make sure that data isn’t compromised, this means that that isn’t necessary,” he says, adding that the cards can help scrub the drives clean. “This allows users to resell their drives and recoup some of their costs.”

IBM offers two different flavors of AES-256 bit encryption on its MR10is card; the first, which Rasmussen describes as "unauthenticated," only protects the drive if it is stolen out of the xSeries server.

“The second mode is the 'authenticated' mode -- it requires a pass-phrase or a user-key,” he says, whereby the entire system, including the drives is locked down. “The customer can determine what level of security they want.”Despite all IBM’s hyperbole, the vendor was unable to offer up any named customers that are using the encryption card, although Rasmussen told Byte and Switch that “a handful” of early adopters are testing the technology.

IBM’s Rasmussen also provided an update on IBM’s efforts to deliver full disk encryption for its servers, something which is already being developed for the vendor’s tape libraries.

"Full disk encryption is coming - we think that’s a full year away before it’s cost realistic to integrate," he says. "We’re working with companies on that technology."

The MR10is adapter is available now, priced around $1,000.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Byte and Switch's editors directly, send us a message.