EMC Symmetrix Data at Rest Encryption Achieves FIPS 140-2 Validation

EMC Corporation announced that Symmetrix Data at Rest Encryption module for VMAX is now FIPS (Federal Information Processing Standard) 140-2 compliant and validated by the Cryptographic Module Validation Program (CMVP), a joint effort of the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC).

     Data at Rest Encryption Architecture

                              
Now customers can be confident with FIPS140-2-validated encryption while taking advantage of EMC’s automated storage tiering technologies for price and performance optimization, including EMC FAST VP, in a secure environment. the company continues to strengthen protection around customers’ information -to deliver a secure enterprise storage array. Customers have the assurance that an independent, recognized third party (CMVP) has examined the EMC Data at Rest Encryption method in detail and validated that it complies with cryptographic requirements.

FIPS 140-2 is an officially recognized North American standard that validates proper use of standard, peer-reviewed methods of encryption. FIPS 140-2 validated encryption of data at rest is required for compliance with many security standards, especially in the US federal market.

Symmetrix Data at Rest Encryption
EMC Symmetrix Data at Rest Encryption for VMAX protects information from unauthorized access for customers across industries that collect, store, transfer, and share sensitive information. Customers who have been limited by self-encrypting drives in other storage arrays can now realize the benefits of validated encryption and auto-tiering with VMAX. It provides hardware-based, back-end AES-256 encryption, while protecting information from unauthorized access when drives are physically removed from the VMAX storage system.

The solution uses individual keys for every drive, minimizing risk, and has two possible key management configurations:

• An automatic, internal embedded key management option.
• Integration with a customer’s existing RSA key management infrastructure, RSA Data Protection Manager.

Will Sanders, senior technology specialist and storage architect at Geisinger Health Systems, said: "At Geisinger, protecting our patients’ privacy is a top priority. Geisinger leverages EMC Symmetrix Data at Rest Encryption to help protect our patients’ data. Now that the encryption is FIPS 140-2 validated, it allows us to meet HIPAA/HITECH compliance, and reassures us that the encryption is solid. For Geisinger, Symmetrix Encryption means that VMAX storage media is encrypted when leaving the site-ensuring that our information is not leaving. This protection, along with the fact that it doesn’t affect our applications’ performance means that we have the tools necessary to secure critical data."

Brian Gallagher, president, Enterprise Storage Division at EMC, said: "Achieving FIPS 140-2 validation reinforces EMC’s commitment to deliver the industry’s most secure and trusted enterprise storage array. No other storage vendor offers Data at Rest Encryption with auto-tiering capabilities, enabling customer to optimize their storage system’s performance and efficiency-securely-while exploiting the benefits of Flash drives. FIPS 140-2 validation complements the existing secure credentials, tamper-proof auditing, and secure erasure capabilities of VMAX-in addition to integration with the RSA portfolio including key management and RSA enVision security information event management-making VMAX arguably the world’s most secure storage array."