Technical white paper

HPE 3PAR StoreServ Data-At-Rest Encryption

Executive summary

As technology moves forward and the requirement to protect user data becomes more of an everyday need for commercial users who store customer data, it is paramount that the storage manufacturers provide a safe method to protect the data stored on storage mediums. These protection standards should comply with the standards set forth by the National Institute of Standards and Technology (NIST) and beFIPS 140-2 (Federal Information Processing Standard) compliant.
To answer the need for securely storing data, all currently supported HPE 3PAR StoreServ Storage arrays including the HPE 3PAR StoreServ 7000 and 3PAR StoreServ 10000, support the use of Self Encrypting Drives (SED). To support the use of SED drives theHPE 3PAR StoreServ Storage array must use HPE 3PAR OS 3.1.2 MU2 or above. The SED is a hard drive or solid-state disk drive with a circuit (ASIC) built into the drive controller's chipset which encrypts/decrypts all data to and from the drive media automatically.
Hewlett Packard Enterprise has continued to enhance the encryption support on the HPE 3PAR StoreServ arrays by offering FIPS-2 compliant SED drives with a subsequent release of HPE 3PAR OS and is now offering with HPE 3PAR OS 3.2.1 the ability to use an external Enterprise Key Manager (EKM). An enterprise secure key management solutions that offer the flexibility of local, remote, and centralized controls over keys will include a number of defining characteristics. It's important to consider the aspects that will help match the right solution to an application environment for best long-term reusability and ROI - relative to cost, administrative flexibility, and security assurance levels provided.