IBM Cloud Data Encryption Services Software defined data protection with built-in fault tolerance that is better, easier, and cheaper. Highlights Protect your company’s data with an advanced data protection solution Highly performant and scalable FIPS 140-2 certified algorithm that includes AES-256 encryption Random cryptographic bit splitting adds a second layer of data protection so that a complete set of data is never stored together in one place ‘M of N’ fault tolerance is built in, so data is highly available Works on existing infrastructure Support data confidentiality and regulatory compliance with ease Data authentication prevents use of altered data
5
Embed
IBM Cloud Data Encryption Services - Instant Credit Managerinstantcreditmanager.com/IBM-Cloud-Data-Encryption... · 2015. 2. 1. · IBM Cloud Data Encryption Services Software defined
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
IBM Cloud Data Encryption Services Software defined data protection with built-in fault tolerance that is better, easier, and cheaper.
Highlights
Protect your company’s data with an
advanced data protection solution
Highly performant and scalable
FIPS 140-2 certified algorithm that
includes AES-256 encryption
Random cryptographic bit splitting adds
a second layer of data protection so that
a complete set of data is never stored
together in one place
‘M of N’ fault tolerance is built in, so
data is highly available
Works on existing infrastructure
Support data confidentiality and
regulatory compliance with ease
Data authentication prevents use of
altered data
IBM Cloud Data Encryption Services (ICDES) at a glance
Admin Interfaces Command Line Interface (CLI), Browser based Graphical User Interface (GUI)
API Support SNMP – Network Management KMIP™ – Key Management Interoperability Protocol
User Authentication LDAP, Active Directory® (AD), or Local (for administrators and individuals)
Admin Authorization User ID/Password, Server Key
Hardware Class X86 Class Server (AES-NI instruction support preferred for encryption acceleration)
Protectable Data Any directory(s) on the existing OS supported filesystem
Supported Share Storage “N” targets for share storage can go to any filesystem addressable by the server
Linux® (Red Hat® & CentOS™): 6.2 kernel version 2.6.220 (64 bit) or newer
Supported OS Microsoft Windows® Server: 2008 R2 & 2012 R2 (64 bit)
VMware® ESXi™: 5.1 and 5.5
Supported File Systems EXT3, EXT4, XFS
Data Encryption AES-256 (keyed by file)
Key Management
Built-in simplified key management. Encryption keys are encrypted, split and stored with data shares. Eliminates need for massive keystore. Only the server key needs to be secured. You control the server key and can store it away from server using a KMIP supported key server, like the IBM Security Key Lifecycle Manager (SKLM).
Cryptographic bit-splitting with physical separation of data shares
Additional Security Keyed Information Dispersal Algorithm (IDA)
Optional file name encryption using AES-256
Secure: 1:1, 4:4
Supported “M of N” Advanced Secure: 2:3, 2:4, 3:4, 2:6
Advanced Multi-Site: 4:6, 3:8 (4:10 is coming in 2015)
Optional Support Tools Two free support tools are offered for use with one or more ICDES installations: a Central Key Manager for remote storage of the server key and a Central Monitor