Download the authoritative guide: Enterprise Data Storage 2018: Optimizing Your Storage Infrastructure
With backing from the CIA and praise from a prominent analyst, Decru hopes to capitalize on the growing concern about data at rest with its next-generation storage security appliance for network-attached storage (NAS).
The Decru DataFort E510 updates the E440 model that began shipping a year ago. This year's NAS model adds new features to strengthen security for stored data, including secure access controls, tamper-proof auditing, and automated Lifetime Key Management. The company also offers the FC 520 for storage area networks (SANs) and also secures direct-attached storage and tape environments.
Decru is teaming with Network Appliance and MDY Advanced Technologies on a solution for secure electronic records management as well. The solution set, which also supports applications from KVS and Documentum, has been certified by the U.S. Department of Defense to address DOD 5015.2 - STD regulations. These regulations set rigorous requirements for the creation, maintenance, use, reproduction, and deletion of records.
Providing security for data at rest in storage is a growing concern for IT organizations facing increasing internal and external attacks. According to the FBI/Computer Security Institute, 50%-80% of computer attacks originate behind the firewall, and 67% of companies reported internal breaches of their systems in the last 12 months. With the privacy and security of data catching the attention of regulators, companies face greater pressure to make sure their data is secure.
"Connecting shared storage to an enterprise IP infrastructure significantly increases the vulnerability of data to both internal and external threats," says Nancy Marrone-Hurley, senior analyst at Enterprise Storage Group. "Decru DataFort E510 simplifies storage security by integrating military-grade data encryption, automated key management, access controls, and auditing into a hardened appliance that can be centrally managed."
A CIA Pedigree
Decru, founded in 2001, has raised more than $45 million from some of the biggest names in venture capital, including Benchmark Capital, Greylock, and New Enterprise Associates.
The start-up also boasts funding from an unusual source: In-Q-Tel, a private, non-profit enterprise funded by the Central Intelligence Agency (CIA) "to identify and invest in cutting-edge technology solutions that serve U.S. national security interests."
"Decru is installed in a number of organizations that store our country's most critical data," Marrone-Hurley wrote in a recent report. "Our government agencies trust Decru's solutions to secure their data. We believe it's time corporate America did as well."
Marrone-Hurley would tell you which agencies are currently using Decru, but you know what would happen...
Decru, along with other storage security start-ups like NeoScale, appears poised to capitalize on the growing concern about data security.
"Customers are racing to address storage security and regulatory compliance, and they cannot trade off performance, reliability, or business continuity," says Decru CEO Dan Avida.
Decru's DataFort appliances combine secure access controls, authentication, storage encryption, and secure logging to protect sensitive stored data. All access is routed through secure hardware.
New secure access controls provide a single point of access and authentication for heterogeneous client and storage environments. DataFort integrates with directory servers such as LDAP, Active Directory, and NIS, and adds a layer of hardware-based enforcement to prevent a range of common attacks.
A configurable audit trail logs access to Cryptainer vaults and any administrative changes to the DataFort. The summary is cryptographically signed so that it can't be tampered with, even by administrators.
Lifetime Key Management automates key backup, recovery, and archiving. LKM requires a quorum of Decru recovery smart cards for all sensitive recovery functions, eliminating single points of vulnerability. Decru says this simplifies disaster recovery scenarios and enables the transfer of Cryptainer vaults between DataFort appliances. A software recovery tool is provided to ensure data access in the event that DataFort hardware is rendered inoperable.
The DataFort E510 supports wire-speed AES 256-bit encryption over gigabit Ethernet and is targeted for NAS and file server environments.
Back to Enterprise Storage Forum