IBM Preps Disk Encryption Dive

ORLANDO, Fla. -- IBM will soon extend the encryption features found in its tape libraries into disk arrays and servers, according to Clodoaldo Barrera, chief technical strategist in the vendors systems and technology group.

”Our intention is to take that same data-at-rest [encryption] capability that we have today for tape and apply it to disk arrays and drives embedded within servers,” Barrera told Byte and Switch. “You will see some announcements from us this year.”

This will effectively take the encryption found in the vendor’s TS1120 tape library and extend it to IBM’s DS range of disk storage systems.

Last October IBM conducted a demonstration of full disk encryption with Seagate and LSI, so it seems likely that this partnership will form the basis of IBM’s future encryption efforts.

”We have designs that we’re working on for the disk arrays that exploit encryption on the drive itself,” said Barrera. “We think that’s a good way to do it because it can be done at low cost.”The exec also feels that drive-level encryption will go a long way to allaying users’ fears of a high-profile data breach.

”One of the big benefits of doing encryption at the storage layer is that it is a place where all data access funnels down to,” he explained. “It covers a lot of exposures all at once.”

IBM’s plans would offer an encryption alternative to standalone appliances from the likes of Decru and the now-defunct NeoScale, as well as database encryption from the likes of Oracle.

”Very few applications actually do this [application encryption] today,” said Barrera, who hinted that IBM would offer faster encryption than its rival Decru.

The exec also believes that drive level encryption will boost the rollout of software as a service (SaaS) and help allay users fears about losing critical data at the hands of a SaaS provider.”I have to make sure that a storage operations guy in my service provider’s data center can’t view that information,” said Barrera. “In a lot of ways a SaaS provider has a stronger requirement for security than a traditional data center does.”

IBM today also unveiled details of its "Phantom" virtualization technology, a piece of code that sits inside a hypervisor. Phantom monitors and disrupts malicious code passing between virtual machines by using both network and host intrusion protection technology, although IBM has not revealed when this will materialize in actual products.

Other security offerings unveiled by the vendor today include Tivoli Key Lifecycle Manager, which is initially targeted at IBM tape and disk technology, and the vendor’s Unstructured Data Security Solution, which classifies unstructured data.

IBM also announced Tivoli Security and Event Manager and Tivoli Access Manager for E-Business, which manages user control to Web-based applications.

The Unstructured Data Security Solution and Tivoli Security Information and Event Manager are available now, with the Tivoli Access Manager for E-Business due to be released later this month. Tivoli Key Lifecycle Manager will be available in the third quarter of this year.Have a comment on this story? Please click "Discuss" below. If you'd like to contact Byte and Switch's editors directly, send us a message.