2016 SNIA Data Storage Security Summit. © Insert Your Company Name. All Rights Reserved.
Managing Data Security for Storage of High Value Content
Robert Wann, President & CEO
Enova Technology Corporation
Email: rwann@enovatech.net
What is an eDrive?
An eDrive comprises three major functions:
1. Transparent (or real-time) hardware Full Disk Encryption, or Self-Encrypting Drive
2. Trusted Computing Group (TCG) Opal 2.0 firmware
3. IEEE 1667 firmware
A BitLocker-managed eDrive is called a Microsoft eDrive or EHDD. BitLocker (included free with Windows 8.1 Pro, Windows 10 Pro and Enterprise releases) manages the eDrive through IEEE 1667 and Opal 2.0.
Internally, an eDrive can be a:
• Boot Drive, or
• Data Drive
Alternatively, an eDrive can be a portable drive, such as one using USB3.0/3.1 to SATA technology.
What is Opal 2.0?
[Figure: Opal 2.0 LBA ranges and users (User 1, User 2, User 3 ... User N). With no LBA range assigned, the Global Range spans LBA 0 to Max LBA. After LBA ranges are assigned, LBA Range 1 and LBA Range 2 are shown along with the Global Range.]
Intelligence-built X-Wall MX+ eDrive Controller
How it works:
• Automatically transforms various drive capacities to eDrive
• Equipped with SATA Device Protocol Stack connecting to the SATA Host
• Equipped with SATA Host Protocol Stack connecting to the SATA Device Controller (SATA device)
• Identity-based authentication can be done through either the SATA API or the built-in I2C API, with challenge & response plus FIPS 140-2 certified HMAC/CMAC and/or RSA 2048 DS
[Figure: X-Wall MX+ in the SATA path. Labels: Motherboard (CPU, BIOS, SATA Host Adapter), SATA Coupling, SATA Coupling, SATA Devices; Clear Text and Cipher Text.]
The X-Wall MX+ Automatically Transforms Any SATA Drive To eDrive
The X-Wall MX+ features:
1. In-line 6Gbps AES CBC/XTS/ECB 256-bit crypto performance for any SATA Gen 3 drive
2. Fast data access through the same access point for mixed/legacy drives and future expansion
3. TCG Opal 2.0 firmware
4. IEEE 1667 firmware
The X-Wall MX+ (FIPS 140-2 certification in progress) automatically transforms any SATA drive into an SED/FDE, Opal 2.0 drive or eDrive, which can then be configured as a Microsoft eDrive with BitLocker enabled, suitable for either booting or data.
Why Is The X-Wall MX+ eDrive Solution Superior?
The X-Wall MX+ eDrive solution benefits from:
1. FIPS 140-2 Level 2 or 3 certified single-chip crypto module (in progress)
2. Ability to utilize any SATA-compliant drive regardless of its capacity
3. Disk image cloning, which reduces corporate IT overhead
4. Easy data backup
5. In-line 6Gbps AES CBC/XTS/ECB 256-bit crypto performance
The X-Wall MX+ effectively transforms any SATA drive into an FDE/SED, Opal 2.0 drive, eDrive or Microsoft eDrive for both internal and external storage applications.
Benefits
• Better performance
  • Encryption hardware, integrated into the X-Wall MX+ controller, allows the drive to operate at full data rate.
• Strong security based in hardware
  • Encryption is always "on" and the keys for encryption never leave the MX+ interface. User authentication is performed by the MX+ before it will be unlocked, independently of the operating system.
• Ease of use
  • Encryption is transparent to the user because of the MX+. There is no user interaction needed to enable encryption. There is no need to re-encrypt data for re-purposing.
• Lower cost of ownership
  • There is no need for new infrastructure to manage encryption keys, since BitLocker leverages your Active Directory Domain Services infrastructure to store recovery information. Your computer operates more efficiently because processor cycles do not need to be frequently interrupted.
The X-Wall MX+ Ensures Trusted Communications throughout all computing tiers
The X-Wall MX+ is intelligent in that:
1. It can generate, sign and verify digital signatures
2. It can perform device-level HMAC and CMAC plus challenge & response protocols
3. All cryptographic implementations are FIPS 140-2 validated
4. Commands can be digitally signed, and payloads can now be encrypted during authentication
The X-Wall MX+ gives devices more intelligence: its ability to generate, sign and verify digital signatures ensures trusted and encrypted communications throughout all computing tiers.
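The slides name device-level HMAC with challenge & response but do not give the message layout. The sketch below is an added example, not Enova's protocol or code: it assumes HMAC-SHA-256 over a 32-byte random challenge followed by the command, and the `Device` class, `host_respond` function, demo key and command names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed demo key; a real controller keeps its key inside the crypto module.
DEMO_KEY = bytes(range(32))


def host_respond(key: bytes, challenge: bytes, command: bytes) -> bytes:
    """Host side: MAC the device's fresh challenge together with the command."""
    # The challenge has a fixed 32-byte length, so challenge || command is unambiguous.
    return hmac.new(key, challenge + command, hashlib.sha256).digest()


class Device:
    """Hypothetical controller side: issues challenges and verifies responses."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None  # the single outstanding challenge, if any

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(32)
        return self._pending

    def accept(self, command: bytes, tag: bytes) -> bool:
        challenge, self._pending = self._pending, None  # each challenge is single use
        if challenge is None:
            return False
        expected = host_respond(self._key, challenge, command)
        return hmac.compare_digest(expected, tag)  # constant-time comparison


def demo() -> dict:
    dev = Device(DEMO_KEY)
    tag = host_respond(DEMO_KEY, dev.new_challenge(), b"UNLOCK")
    out = {"valid": dev.accept(b"UNLOCK", tag)}
    out["replay_without_challenge"] = dev.accept(b"UNLOCK", tag)  # challenge consumed
    dev.new_challenge()
    out["replay_on_new_challenge"] = dev.accept(b"UNLOCK", tag)  # tag bound to old nonce
    tag = host_respond(DEMO_KEY, dev.new_challenge(), b"UNLOCK")
    out["command_swapped"] = dev.accept(b"ERASE", tag)  # tag bound to the command
    tag = host_respond(bytes(32), dev.new_challenge(), b"UNLOCK")
    out["wrong_key"] = dev.accept(b"UNLOCK", tag)
    return out


if __name__ == "__main__":
    print(demo())
```

Only the first exchange is accepted; a captured response is useless once its challenge is consumed, and a response computed for one command does not authorise another.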
X-Wall MX+ Solution for System Manufacturers
For System Built-in Application:
• Makes a specific SATA host FDE/SED and eDrive capable
• Able to use any SATA disk drive
• If Microsoft Windows with BitLocker:
  • Configured as a Boot eDrive
  • Configured as a Data eDrive
• If other OSes:
  • TCG Opal 2.0 drive through available Opal 2.0 management software
  • Standard FDE/SED
X-Wall MX+ eDrive Solution for SSD & Drive Manufacturers
For SSD & HDD Built-in Applications:
• Microsoft Windows using BitLocker:
  • Boot eDrive
  • Data eDrive
• Other OSes:
  • TCG Opal 2.0 drive through available Opal 2.0 management software
  • Standard FDE/SED
X-Wall MX+ eDrive Solution for Desktop Retrofitting
For Existing Desktop Retrofit Application:
• Microsoft Windows using BitLocker:
  • Boot eDrive
  • Data eDrive
• Other OSes:
  • TCG Opal 2.0 drive through available Opal 2.0 management software
  • Standard FDE/SED
Enigma 3.1 Solution Protects Data-In-Motion & Cloud Data
Enigma 3.1 for Cloud & Data-In-Motion Applications:
• Encrypt selectable file/folder
• Send encrypted file/folder to any cloud
• Supports Windows & Mac OS
• Utilizes latest USB3.0/3.1 technology
• May alternatively be configured as FDE
X-Wall MX+ Solution Enables Portable eDrive
For USB3.0/3.1 to SATA Portable Drive Application:
• Microsoft Windows using BitLocker:
  • Enables the drive as a Microsoft eDrive
  • Utilizes latest USB3.0/3.1 to SATA technologies
  • Portable yet secured!
• For non-Windows applications:
  • TCG Opal 2.0 drive through available Opal 2.0 management software
  • Standard FDE/SED
X-Wall MX+ SecureNAS Solution
[Figure: Enova SecureNAS T2 System Block Diagram. Labels: 700W redundant power supply; SecureNAS T2 Main Controller Board with CPU, OS Kernel and Internal Memory; High Performance Hardware RAID5/6 Controller; Gigabit Ethernet for NAS applications; backplane equipped with multiple X-Wall MX+ eDrive Controllers; SATA Disk #1 through SATA Disk #16; Turbine Heat Dissipation & Noise Reduction.]
X-Wall MX+ Identity-based Authentication
[Figure: X-Wall MX+ identity-based authentication. Labels: SecureNAS T2 Controller Board with CPU, OS Kernel, HDD and High Performance Hardware RAID 5 Module; X-Wall MX+; Authentication Module; Secure Protocol Module; License Evaluation Module; Key Server Authentication Module; License Storage; License File; System Administrator; Internet (email); Enova License Server. Caption: License File Authentication through RSA 2048 DS, HMAC or CMAC.]
X-Wall MX+ Solutions Comparison Chart
| Features/Functions | X-Wall MX+ | Branded eDrive | Drive claimed with AES block |
| --- | --- | --- | --- |
| Transparent Full Disk Encryption (FDE)/Self Encrypting Device (SED) | Yes; selectable AES CBC, XTS, ECB 256-bit | Yes; M500 – AES CBC 256-bit, ST500 – AES CBC 256-bit, EVO850 AES XTS 256-bit | Unknown AES mode or bit strength |
| Support TCG Opal 2.0 | Yes | Yes | No |
| Support IEEE 1667 | Yes | Yes | No |
| Support Any Capacity | Yes | No | No |
| FIPS 140-2 Level 2, 3 | Yes, In Progress | No | No |
| Gate Keeper for Desirable Functions | Yes | No | No |
| Configure BitLocker for Booting & Data | Yes, Very Easy. | Somewhat Difficult | No |
| Image Clone & Backup eDrive | Yes | No | No |
| Enable RSA 2048 DS for Trust Relationship | Yes | No | No |
| Commands digitally signed & payloads encrypted | Yes | No | No |
Key Take Away
• In-line 6Gbps AES CBC/XTS/ECB 256-bit crypto performance on any SATA Gen 3 drive
• Converts any drive capacity from various vendors to eDrive to save significant qualification cost
• Intelligence-built controller that enables digital signature generation, signing and verification
• Commands can now be digitally signed, and payloads can now be encrypted
Patents & Awards
Enova X-Wall® MX received 2012 Golden Bridge Awards’ Encryption Solutions Innovations.
Enova Enigma received 2012 PC Magazine Editors’ Choice and TAITRONICS’ Technology Innovation Awards.
Title: Cryptographic Serial ATA Apparatus and Method
• 2013 Canada Patent 2567219
• 2011 US Patent 7900057, Japan Patent 4762861
• 2010 China Patent 2006101624794, Taiwan Patent I330320
Title: Real Time Data Encryption/Decryption System and Method for IDE/ATA Data Transfer
• 2011 Taiwan Patent I348853
• 2012 China Patent 2004100703766
• 2007 Korea Patent 711190
• 2008 US Patent 7386734
Title: Encryption-Decryption Device for Data Storage
• 2003 Taiwan Patent I79354
• 2004 Korea Patent 445288
• 2001 Japan Patent 3085785
Title: Cryptographic Device
• 2006 US Patent 7136995
Product History
2016 Introduced solution Enigma 3.1
2015 Introduced chip X-Wall® MX+
2013 Introduced solution Enigma 2
2012 Introduced solution Enigma 1
2010 Introduced chip X-Wall® DX
2008 Introduced solution SecureNAS T1
2008 Introduced chip X-Wall® FX
2007 Introduced chip X-Wall® MX
2006 Introduced chip X-Wall® CO+
2005 Introduced chip X-Wall® CO
2004 Introduced chip X-Wall® XO
2003 Introduced chip X-Wall® LX
2002 Introduced first chip X-Wall® SE, SEA
2000 Enova founded in April, 2000.
Thank you!
Download this presentation and others from SNIA’s Data Storage Security Summit at:
http://www.snia.org/dss-summit