Cisco Systems plans a fabric-based encryption offering for disk and tape later this year that the company says bests current approaches.
The product will be delivered in the second half of the year, but Cisco has been conducting preliminary briefings to let customers know it’s coming and will issue a press release on the offering next week.
Doug Anderson, product manager of Cisco’s Data Center Business Unit, said that of the possible locations to encrypt data — on the host or tapes, via appliances or on the storage network fabric — Cisco chose to deliver its Storage Media Encryption (SME) of data at rest as a SAN fabric-based service, integrating it into the network so it doesn’t require network changes or new equipment.
Data encryption has become “top of mind for customers,” said Anderson. One reason is the need to comply with data protection and retention regulations such as HIPAA and Sarbanes-Oxley. Another reason is cost: dealing with a lost customer record costs a company $90 without encryption, compared to just $6 if the data is encrypted, said Anderson, citing Gartner.
Anderson said Cisco’s approach minimizes latency and maximizes performance, integrates with existing hardware, software and data center management practices, and provides the flexibility to deliver encryption when and where it’s needed.
The service will be delivered as a module in Cisco’s modular and semi-modular MDS 9500 and 9200 Fibre Channel switches. The first products will encrypt tape and virtual tape (VTL), with encryption for heterogeneous disk storage arrays to be added at a later date.
Anderson said Cisco is working actively on standards and with partners’ APIs to make key management highly available. The solution will be IEEE 1619 AES 256 compliant, the company says.
Cisco says the heterogeneous solution can also encrypt traffic from any virtual SAN (VSAN), with automatic load balancing across multiple SANs, and Cisco Fabric Manager and a command line interface (CLI) approach performs provisioning, key and user management with no need for additional management software. The hardware will also support other SAN services and features.
Cisco says its approach gives it performance, flexibility, scalability and ease of management that host, appliance and storage device-based approaches don’t offer. The company also plans advanced security certifications for the offering.
Cisco isn’t the only storage switch vendor making news this week. Arch rival Brocade claimed at the Storage Decisions show in Chicago this week that its 48000 Director is two to three times more efficient than the Cisco MDS 9513.
Deepak Munjal, Cisco’s Data Center Solutions marketing manager, didn’t dispute the Brocade claim, but pointed out that networking devices only account for about 15 percent of overall data center power consumption. When capacity, performance and features such as integrated routing are factored in, customers may need fewer boxes and less overall power with Cisco switches, he said, calling Brocade’s comparison “simplistic.”