Emulex FC Host Bus Adapter Encrypts Network Storage

Emulex is introducing a new data encryption appliance and software solution Tuesday that emphasizes host-based encryption, which it claims is simpler and less expensive to use than encryption on disks, in databases or elsewhere on the network. The offering includes the OneSecure host-bus adapter (HBA) hardware, the OneCommand Guardian software for encryption and the OneCommand Key Manager for securing the keys that decrypt sensitive data.

Host-based encryption is 80 percent less expensive than encryption at network switches, 50 percent cheaper than encrypting disk arrays, half the cost of database encryption and 30 percent less than the cost of physically destroying discarded disk drives to make sure data is not at risk, Emulex claims.

The point of host-based encryption is to perform the encryption as close to the application that created the data as possible. If it's encrypted at the host, it stays encrypted throughout the network and it also makes it easy to prove to a compliance auditor that the data is encrypted.

Demand for encryption technology is driven by the growing number of security breaches reported worldwide and the cost to companies whose customer data is compromised. The average cost per incident is $6.6 million, according to a 2008 Ponemon study, a figure that includes the cost of repairing the breach, notifying customers as is required by law in 46 states and abroad, and paying for customer credit reports in the event financial information is exposed.

Most laws requiring customer disclosure of data breaches include an exemption if the data is encrypted. Emulex's solution keeps the encrypted data and the key to decrypt it separate, thus protecting the company from an embarrassing and costly breach disclosure.The OneCommand Guardian product is kernel-based software encryption that meets a recently adopted key management interoperability protocol (KMIP) industry standard. OneCommand Key Manager is rebranded Tivoli key manager software from IBM.

The HBA hardware can be either Emulex's OneSecure 8 gigabits per second (Gb/s) Fibre Channel (FC) HBA or its LightPulse 8Gb/s FC adapters. The solution only supports FC now, but will be available for iSCSI or SAS networks later in the future.

Emulex's solution can enhance the level of  security for enterprise data, said Jon Oltsik, a storage industry analyst at Enterprise Strategies Group. "The unique quality is host-based encryption with hardware off-load. Since the data is encrypted on the host, it provides an added level of security for all storage encryption," said Oltsik in an e-mail interview. However, Emulex may be limited by its low visibility in the market, he added. It competes against sellers of database, file server or storage encryption and IT security customers may not be aware of Emulex's offerings.

Emulex sells through storage original equipment manufacturers (OEMs), such as EMC, and so is dependent on them for sales. "If [the OEMs] recognize the strength of the Emulex solution and then push it, Emulex should have some success," he said.

The OneCommand Guardian (for a two-port license) and OneCommand Key Manager software list together for $2,517 while the OneSecure HPA lists for $5,500 for a dual-port installation. Emulex made the announcement simultaneously at two tech conferences in Frankfurt, Germany, and Honolulu, Hawaii.