Re: Encryption of data at rest

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 4/28/09 1:19 PM, Bill Holland wrote:
> Of course, the correct NetApp answer is..... DataFort!
>  
> Honestly, I have no suggestions or experiences with it.  I've listened
> to the sales pitches on it, but did not see it as viable in our environment.

Agreed wrt DataFort.  If your scope is purely at-rest, it is solid.  It
drops in-line in your production storage environment and 'just
works'[tm] if you want to crypt everything or only subsets (vols) on
production filers.  Its especially nice when paired with the sister LKM
appliance(s) for enterprise key management, escrow, etc.  The actual
appliances doing the crypting are cluster-able too.  If your shop is not
using FCP, look at the E-series DataForts (models 505/510, last I
checked IIRC)

It is _worthless_ for data in-flight however.  I would love to see
something to defend against transitory data breaches; that would keep
this DRM talk out of my office ... ;)

My $0.02.  Cheers.

- --
Nick Silkey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkn3R4gACgkQrDQjhjXrMeJ6RwCdGeUZjtlyKPPEo5rfgcuKaba7
JpEAoOAyavsT1XOz5vVtnVNFnJyFYI+g
=Ztyt
-----END PGP SIGNATURE-----