Superior Data-at-Rest Encryption

According to IDC’s recently released predictionsby 2022, 50% of servers will encrypt data at rest and in-motion. Data security has become one of the highest priorities for data centers and cloud computing environments as they seek to safeguard customer information, classified company documentation and communications, financial records, employee payroll records, and other confidential data.

Solutions for data-at-rest encryption are now a security requirement in many market segments such as health care, finance, e-commerce, federal government branches, and insurance—representing a significant overall percentage of the deployed storage. In fact, government legislation is now in place mandating data security and privacy, such as the Health Insurance Portability and Accountability Act, Gramm–Leach–Bliley Act, Sarbanes–Oxley Act, and the European Union General Data Protection Regulation. Even with these new regulations, McAfee estimated that the cost of cybercrime and data breaches was over $600 billion in 2017.

Data center managers have the daunting task of safeguarding data while still meeting continually-increasing performance demands for large-scale applications such as web serving, file serving, databases, online transaction processing (OLTP), machine learning, and high-performance computing (HPC).

Many data center managers are already turning to encryption to safeguard data. Encryption is a method of encoding information so that it can only be read by using the proper key. The encryption process can be software-based or hardware-based. While the CPU is responsible for powering software-based encryption, hardware-based encryption is performed within a chip located on the drive itself or on the storage adapter.

The three main types of encryption include software-based encryption, hardware-based self-encrypting drives (SEDs) and hardware-based encryption-enabled storage adapters. Software encryption comes at the expense of valuable CPU resources. Self-encrypting drives offer a high-performance hardware-based solution, but require significant operational overhead and do not provide the security and flexibility of controller-based encryption.

Encryption-enabled storage adapters, however, provide many advantages over software-based or hardware-based encryption. On an encryption-enabled storage adapter, the encryption/decryption process takes place independent of the CPU and OS, using a chip on the adapter instead of the drive, having little or no impact on latency or I/O performance.

Other advantages of encryption-enabled storage adapters include:

• Transparent to the host operating system and host CPU
• One adapter encrypts multiple drives, reducing capital expenses and deployment complexity
• Compatible with all brands of SAS and SATA HDDs and SSDs where a RAID volume is supported, spanning one or multiple drives
• Allows data centers to deploy a uniform, scalable encryption strategy across the entire enterprise
• Data is encrypted on the storage subsystem, avoiding data snooping on the adapter cache, attached cables, or expanders, all the way to the media of the drive
• Allows for selective encryption enablement and unique encryption keys per logical volume
• Support for data-in-place encryption while the volume remains accessible during the encryption

MaxCrypto™ controlled-based encryption is now available on the on the industry’s first readily available adapter – the Microsemi Adaptec SmartRAID 3162-8i/e.

With the growing responsibility of safeguarding sensitive information, using controlled-based encryption to encrypt data-at-rest ensures that unauthorized parties will not be able to read the data when drives are removed (either intentionally or unintentionally). MaxCrypto™ controller-based encryption delivers the highest levels of data protection with minimal impact on latency. It integrates seamlessly into existing storage infrastructures and allows data centers to deploy a uniform, scalable encryption strategy across the entire data center.

To learn more about maxCrypto™ controller-based encryption, please visit us at or connect with me on LinkedIn.

Tags: , , ,

Leave a Reply

You must be logged in to post a comment.