White Paper
© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Cisco Storage Media Encryption Key Management
What You Will Learn
The Cisco® Storage Media Encryption (SME) solution enables hardware compression and
encryption on the network before data is written to a tape device.
With the introduction of the Cisco MDS 9222i Multiservice Modular Switch and of the Cisco MDS
9000 18/4-Port Multiservice Module line card providing encryption services, the Cisco SME
solution provides a distributed, highly scalable, and secure network based on the Cisco MDS 9000
family of switches and directors. It offers centralized administration and key management,
simplifying the deployment and management of the solution. This document describes the Cisco
SME key management architecture and options.
Data Security Landscape
In the past, only a small number of organizations adopted some of the available tape encryption
technologies. Data on tape was considered relatively safe, and the risk involved was not enough to
justify the additional cost, slower performance, and additional operation procedures.
Recently, new conditions have caused the risks associated with tape data loss to be seen as much
more critical:
● More stringent privacy regulations: Private data stored in electronic form is subject to
privacy laws such as the European Union (EU) Directive on Privacy and Electronic
Communication (2002), and the Japanese Bill to Protect Personal Data (2001). A growing
number of U.S. states have privacy regulations in place, and several bills were introduced
in the U.S. Congress in 2005. The Visa and MasterCard Payment Card Industry Data
Security Standards (PCI DSS) and the Japan Bank Association’s Data Protection Support
standards are more examples of data privacy demands on technologies.
● Public disclosure of data breaches: The California Database Breach Act (California Senate
Bill [SB] 1386, 2003) requires that any data breach involving the private data of a California
citizen be announced to the public. As a consequence, most data breaches associated with
lost or stolen clear-text tapes require organizations to alert customers, provide credit
monitoring, and perform damage control, and potential losses may be millions of U.S.
dollars.
● Long-term data retention requirements: Government regulations such as the Health
Insurance Portability and Accountability Act (HIPAA) and Securities and Exchange
Commission (SEC) Rule 17a-4 demand long-term retention of records. Tape is often used
for data archiving, and tape encryption can be used to keep the data confidential and
tamper-proof.
Tape encryption is now widely regarded as a necessity. In addition, new technology options are
making implementation of a solution that secures data on tape less costly in terms of capital
expenses and maintenance.