QLogic 2500 Series Data-at-Rest Encryption Addresses SAN Security Requirements User Manual

White PaPer

Key Findings

SaN security via encryption is necessary for protecting data when it leaves a physically secure SaN (for example, tape backups and
hard disks leaving for repair or retirement). this paper reveals that:

•

Encryption of data at the media (data-at-rest encryption with self-encrypting drives), in conjunction with physical SAN
security, addresses all major storage administrators’ security concerns. this type of encryption allows for minimal disruption
of existing SaN infrastructure deployments and maintains interoperability.

•

Alternative approaches to secure data, such as adapter-based encryption, are solutions looking for a problem. these
approaches promote vendor lock-in, as the data encrypted by the hardware/adapters can only be read by the same vendor’s
adapter or proprietary solutions that created them. Such approaches also pose new security risks if interoperability with existing
deployments is mandated by it managers.

•

Host-based encryption poses new challenges to data compression or de-duplication applications.

•

Fabric based encryption (switch-to-switch) addresses security needs when data is being exchanged between SANs
across the WAN. Pervasive adoption of such features requires standards-based key management, which does not exist today.
every vendor’s key manager handle keys differently, making interoperability a challenge.

•

QLogic’s Fibre Channel Adapters provide a secure solution that works well with Self-Encrypting Drives (SEDs) and provide
interoperability with other hardware components in the SAN without the need for adapter-based encryption.

Data-at-Rest Encryption Addresses

SAN Security Requirements

QLogic 2500 Series Fibre Channel Adapters Meet

Enterprise Security Needs