NetApp may have snapped up Decru, and EMC has just devoured RSA Security and Network Intelligence. But there are still plenty of promising storage security startups around. In fact, some appear to be thriving due to the impact of information lifecycle management (ILM) on the storage sector.
One such company is BitArmor Systems Inc. of Pittsburgh, PA. It has released BitArmor Security Suite Version 2.0, a tool that ensures data security is maintained, regardless of where it is (SAN, NAS, DAS, backup tape and CD-ROM), and that only those people who see it have access to it.
“BitArmor Security Suite is an integrated data security and data lifecycle management software suite that enables companies to defend and manage their data during all stages of the data lifecycle,” says Mark Buczynski, vice president of marketing. “It can efficiently protect any enterprise data in flight over any network and stored on any media.”
What about better-known alternatives such as public key infrastructure (PKI)? PKI was established as a means of providing authorization, authentication and encryption for millions of entities. Such systems involve a set of policies, processes, server platforms, software, and workstations used to administer certificates and public-private key pairs, including the ability to issue, maintain, and revoke keys.
PKI is based on an asymmetric key architecture, where data can be encrypted using a public key, and once properly authenticated, authorized users may decrypt the data using a special private key. However, distributing private and public keys to relevant entities requires complicated sequences of operations that often involve both user and administrator intervention. Managing the public keys and key interactions for many entities requires the purchase of expensive management systems that are complex to administer and can sometimes inconvenience users.
“BitArmor Security Suite alleviates the burden of managing multiple sets of keys, as is necessary with current PKI-based technologies that encrypt and decrypt data separately for each media type, each user, or each storage device,” says Buczynski. “It automates key management and makes the management, deployment, and enforcement of data security easy, intuitive, and transparent to end users.”
All data encryption policies, management policies, and data security policies are centrally managed and enforced from a single location within an organization. Data security policies can be consistently enforced, and protection is not limited to certain types of data. Thus BitArmor positions its product as being a more robust data security and data lifecycle as opposed to other approaches which either protect or manage a particular type of data, or those that administered by individual users.
It integrates technologies such as cryptographically enforced authentication, authorization, access control, auditing, encryption, and data management. According to Buczynski, this is particularly useful to organizations financial services companies, health care organizations, manufacturers, publicly traded companies, and government agencies.
“Even system or LAN administrators can’t access data if they are not properly authenticated by BitArmor,” says Buczynski. “If any user fails to correctly identify himself, data is inaccessible.”
Further, the system lets IT positively identify who accesses and who tries to access data via cryptographic protocols and passphrase validation. For highly sensitive data, there is a token or smartcard-based two-factor authentication option. A central audit log records every authentication attempt. When unauthorized access is attempted, security administrators are alerted.
“Because all transactions are encrypted while in transit, even over wireless networks, you’re assured that your authentication credentials won’t be stolen from your network,” says Buczynski.
BitArmor also provides some value at the end of the regulatory compliance lifecycle. Say data is protected and maintained throughout the period required under regulatory compliance. Once it reaches the end of its mandated retention period, it may become a corporate liability.
“Our systems helps you can mitigate the risk of maintaining outdated, unnecessary data by destroying it instantaneously and irrevocably,” says Buczynski. “You won’t have to worry about data lingering on a laptop or on backup media being lost, stolen, or uncovered during an eDiscovery process.”
Once data reaches the end of its retention period, a security administrator can programmatically review and destroy any data under management, wherever it resides. Even data stored in remote locations or on missing laptops can be destroyed from a central location.
This aligns with recent amendments to the Federal Rules of Civil Procedure, which are scheduled to go into effect on December 1, 2006. Amended Rule 37 (f) or the “safe harbor” rule, for example, states that when a data retention policy routinely follows a good-faith process, that a company cannot be subject to sanctions for data destroyed as part of that process.
“With its programmatic destruction function, BitArmor Security Suite will help simplify the eDiscovery process by ensuring that you’re maintaining only the data you have to,” says Buczynski.
For a five-laptop key server domain, BitArmor Security Suite costs $10,500 per year. Additional licensing is around $115 per seat.