- 15 January 2004 16:23
Network Appliance and Decru Deliver Secure Storage for IBM's Certified Records Management Solution
Secure storage successfully demonstrated as part of IBM's US DoD 5015.2 Certification
FOR IMMEDIATE RELEASE Sydney - January 15th, 2004
Network Appliance, Inc. (NASDAQ: NTAP), a leading provider of enterprise network storage solutions and Decru, Inc., the leader in networked storage security, have unveiled a storage security option which integrates with IBM's electronic records management solution, setting a new bar for secure records management.
The option consists of Network Appliance(tm) storage system and Decru DataFort(tm) storage security appliance, specially configured for IBM's electronic records management software solution.
The secure storage option was demonstrated to the United States Department of Defense Joint Interoperability Test Command (JITC) during certification testing of IBM's DB2 Records Manager Enabler for Content Manager V8.2. Tests were successfully concluded October 27, 2003. According to the JITC summary certification test report, the demonstration showed:
o IBM DB2 Records Manager Enabler for Content Manager was authorised to return data stored on the Network Appliance storage system to the user in its native format, which was proven to be identical to the original file o The Decru DataFort security appliance controlled views to IBM DB2 Content Manager content such that unauthorised access would only result in encrypted data o After performing a destroy action in IBM DB2 Records Manager, the encryption key which allows decryption of the content was destroyed, making recovery of the content impossible.
IBM's US DoD 5015.2 certified e-records solution can now utilise the full capabilities of NetApp(r) storage systems and Decru DataFort storage security appliances. The joint solution enables government and business users to fully comply with DoD 5015.2 requirements, while at the same time meeting stringent data protection and electronic shredding requirements.
The DoD 5015.2-STD certification is a records management application (RMA) test with rigorous requirements for systematic control of the creation, maintenance, use, reproduction and deletion of records. With increasing regulatory pressures and stockholder scrutiny, companies need solutions that can help them electronically capture, preserve, manage, protect and ultimately dispose of information assets. Many US government agencies and the vendors who supply them with software solutions, are seeking compliance with DoD 5015.2-STD regulations. Full details of all DoD 5015.2-STD certified solutions can be accessed online at http://jitc.fhu.disa.mil/recmgt/register.htm.
"Governmental organisations as well as regulated enterprise users are demanding integrated, secure and compliant solutions for managing their most valuable data assets. The NetApp-Decru option for IBM's DoD 5015.2-STD-certified records solution addresses all of these requirements in a certified, tested package," said Peter Gerr, analyst at the Enterprise Storage Group. "ESG believes that encryption of data-at-rest and in transit along with secure electronic file shredding, are becoming must-have features for a wider range of applications."
Secure Records Management The NetApp-Decru-IBM solution provides a robust platform for integrated management of electronic and physical information assets. For organisations managing sensitive or classified data, security for stored data and file shredding presents difficult information assurance challenges. Over the past decade, storage has been increasingly consolidated and replicated across networked storage systems; this trend has enabled significant scalability and efficiency gains but has also created serious vulnerabilities. Additionally, new data forensics techniques have made it nearly impossible to completely erase data stored in cleartext format from hard drives, further multiplying the risk of data exposure. The NetApp-Decru option uniquely addresses these serious security issues using strong AES-256 storage encryption and Decru CryptoShred(tm) for secure file shredding.
"Government and business users face stringent security compliance requirements in the area of records management and the storage requirements for these assets continue to increase," said Mark Santora, senior vice president of marketing at Network Appliance. "Working with Decru and IBM, we can deliver certified, integrated storage solutions that address a wide range of mission and business needs."
"Government and enterprises are demanding solutions that deliver end-to-end security and compliance," said Dan Avida, Chief Executive Officer at Decru. "By leveraging government-certified, hardware-based encryption and key management, the NetApp-Decru option ensures that sensitive information within IBM's records management solution is never stored in cleartext. This approach ensures that stolen data cannot be read and expired data can be securely deleted."
About the NetApp-Decru Option Customers can leverage the NetApp-Decru option to rapidly deploy a complete, certified e-records solution with secure storage. In a typical deployment, IBM DB2 Records Manager and DB2 Content Manager software is mounted to Decru DataFort storage security appliances. DataFort secures data transmission and storage at wire speed using secure access controls, authentication, AES-256 storage encryption and cryptographically signed logging. DataFort then mounts NetApp storage systems and writes encrypted data onto disk with file metadata intact. NetApp storage in turn provides ease of management and scalability to handle rapidly evolving storage needs. The solution can be deployed transparently with zero desktop footprint for users, insuring minimal disruption to existing workflow and infrastructure.
Because sensitive cleartext data is never written to disk, a wide variety of electronic and physical attacks on stored data are neutralised. Decru CryptoShred features enable users to permanently delete primary and secondary copies of data by securely deleting encryption keys. All copies of expired data are instantly destroyed regardless of physical location and even sophisticated laboratory techniques cannot access the original cleartext data.
Notes for Editors
About Decru Decru, headquartered in Redwood City, Calif., develops storage security solutions to address a range of business needs for enterprises and government, including intellectual property protection, regulatory compliance, privacy and internal controls. Decru DataFort protects the core of the storage network with a layer of strong encryption, authentication, access controls and compartmentalisation. Decru DataFort appliances can be deployed transparently in SAN, NAS, DAS and tape backup environments, with no changes to servers, desktops, applications, or user workflow. Decru's cryptographic and key management modules have completed certification testing for FIPS 140-2 Level 3 and DataFort's AES-256 encryption has been formally certified by NIST. Decru was founded in 2001 and has raised more than $45 million in venture financing from Benchmark Capital, Greylock, New Enterprise Associates, In-Q-Tel and others.
About Network Appliance Network Appliance is a world leader in unified storage solutions for today's data-intensive enterprise. Since its inception in 1992, Network Appliance has delivered technology, product and partner firsts that continue to drive "The evolution of storage.(tm)" Information about Network Appliance solutions and services is available at www.netapp.com.
NetApp is a registered trademark and Network Appliance and The evolution of storage are trademarks of Network Appliance, Inc., in the U.S. and other countries. DataFort and CryptoShred are trademarks of Decru, Inc. All other trademarks are the property of their respective owners.
For further information please contact - Harry Christian Network Appliance, Inc. tels +61 (0) 2 9779 5600 & +61 (0) 407 100 666
Press contact - Michael Henderson Gotley Nix Evans Pty Ltd tels +61 (0) 2 9957 5555 & +61 (0) 413 054 738 email@example.com