HP is releasing add-ons for its storage products to enable automated encryption of data stored on tape drives and virtual tape libraries. The company is adding encryption support for its MDS 9000 family with what it calls the HP C-Series MDS Storage Media Encryption (SME) fabric switch.
"This is symmetric-key encryption," says Gary Lefkowitz, director of the HP Secure Advantage division. "You can create a key per tape, while inserting controls as a way to protect resources."
Other makers of tape libraries (such as IBM and Spectra Logic) are adding encryption to their products, according to Deni Connor, analyst at Storage Strategies Now. "Regulations are calling for it, and managers should consider it essential," she said.
In addition, HP has developed an encryption add-on kit that lets small-to-midsize businesses protect data stored by the HP 1/8 G2 Tape Autoloader and MSL Tape Libraries with LTO-4 tape technology. The HP StorageWorks 1/8 G2 & MSL LTO-4 Encryption Kit generates and retains encryption keys. It is expected to be available in June, priced at $2,500 (£1,250) in the US.
HP also has added an appliance that stores records about encryption-key use to its HP Compliance Log Warehouse (CLW) for LTO-4 enterprise tape libraries. The CLW, which generates reports for audit-trail purposes through a central log collection and retention method, now stores information about encryption-key use through a dedicated key-management appliance called HP StorageWorks Secure Key Manager.
The Secure Key Manager costs $100,000 (£50,000); the CLW starts at around $125,000 (£62,500) in the US. Both are available now.
HP also is making available an online tool called Storage Security Assessment, which lets customers gauge storage and security needs through a question-and-answer evaluation. HP's Consulting & Integration Security and Risk Management Practice developed the tool.
In other security news from HP, the company says its HP-UX 11i operating system has received the Common Criteria certification for the EAL4 assurance level, related to the controlled-access and role-based access-control protection profiles.
Common Criteria is an international product-evaluation and certification programme supported by about two dozen countries and under which products are tested in certified laboratories to determine whether they meet a range of predefined security criteria and perform as anticipated.