Today’s announcement addresses virtually every element of the data security chain and is highlighted by the introduction of the industry’s first fully encrypting data drive, bringing unsurpassed levels of security to small, medium and large businesses alike. This history-making drive will protect the data in the event that it is lost or stolen, rendering it unreadable to anyone who finds it. With this option, customers can encrypt the large files intended for remote recovery sites or for data archiving at tape hardware speeds. It will also provide customers with the ability to share encrypted tapes with their business partners.
IBM's Security and Privacy Services practice within IBM Global Technology Services will provide the necessary framework, architecture and support to execute a comprehensive enterprise security program and leverage IBM's encryption solution to resolve data security issues.
Additionally, IBM Business Continuity and Resiliency Services (BCRS) have IBM’s data encryption drives installed at their worldwide recovery locations. IBM BCRS will also offer services to execute recovery procedures and operations that include use of tape hardware encryption.
New Encryption Technology – IBM System Storage TS1120
Many government agencies and more than 30 states have passed legislation requiring businesses to disclose security breaches, which is why more than 90 million consumers have been notified of potential security breaches regarding personal information in a little more than 18 months. The IBM System Storage TS1120 is the first encryption drive in the market that addresses the requirements of that legislation and the needs of businesses to protect sensitive information that they store on their customers.
"We were thrilled to hear that IBM would be offering an encryption solution," said Debbie Wheeler, Chief Information Security Officer at Fifth Third Bank. "Protecting our customers' information is a top priority for Fifth Third Bank, and encryption is a key part of that strategy."
There are significant advantages to performing encryption in the tape drive. Early measurements show no appreciable degradation to performance during the reading and writing of encrypted data. Encryption in the drive also enables data compression, reducing potential impact on the media, and the encryption-enabled tape drive can also process non-encrypted workloads.
“Demand for the new data encryption drive has been off the charts, with IBM already exceeding its internal goals for sales,” said Andy Monshaw, general manager, IBM System Storage. “The reason for the demand is simple -- data loss and identity theft continue to plague corporations and consumers alike. Today, a new level of security is available to corporations that want to ensure their data will never be accessed if it is ever found in the wrong hands. In the case of stolen or lost records saved to tape or disk, encrypting data renders the records totally unreadable.”
In addition to providing high-performance encryption in the drives, IBM's innovation in encryption key management is a crucial and proven part of the tape encryption solution. This key management capability allows customers to ensure that the encrypted tape can only be decrypted by the intended party, and the decryption keys are available when and where they are needed.
The IBM tape encrypting solution leverages the proven encryption technologies of the IBM mainframe. Mainframe centralized key management provides a single point of control for the tape encryption keys, with high security and availability, long-term key management, and excellent disaster recovery capabilities. System z servers also use tamper-resistant hardware features for further protection of the keys.
“Public-key cryptography gives customers a tool set that allows them to radically simplify the process of key management. A unique key can be used with each tape cartridge, and by using public key cryptography, customers can conceal these unique keys and leave them right with the tape cartridge.” said Marianne Mostachetti, Director of IBM System z Software. “The public-key infrastructure that's inherent in the IBM z/OS is the ideal way for tape cartridges to be opened up.”
Encryption comes standard on all newly ordered TS1120 tape drives and clients with installed TS1120 drives can upgrade to include this feature. The IBM Encryption Key Manager for the Java platform – free as part of IBM’s Java software development kit – will generate and communicate encryption keys for tape drives across the enterprise. Finally, key management software supports the encryption tape drive – a wide variety of configurations, such as z/OS, i5/OS, AIX, HP, Sun, Linux and Windows.
The TS1120 drives supports three different encryption management methods: Application, System, or Library Managed. For System or Library managed encryption, the IBM Encryption Key Manager for the Java platform – included, at no additional charge, as part of IBM’s Java Virtual Machine – will generate and communicate encryption keys for tape drives across the enterprise. This encryption capability is supported when the TS1120 Tape Drive is integrated or attaches in the IBM System Storage TS3500 Tape Library, IBM System Storage TS1120 Tape Controller Model C06, IBM TotalStorage® 3592 Tape Controller Model J70, IBM TotalStorage 3494 Tape Libraries, IBM TotalStorage C20 Silo Attach frame, and stand-alone environments. Finally, the IBM Encryption Key Manager software supports the TS1120 tape drive – in a wide variety of configurations, such as z/OS, i5/OS, AIX, HP, Sun, Linux and Windows.
For Application managed encryption, IBM Tivoli Storage Manager – IBM’s enterprise-level back up and recovery software – will generate and communicate encryption keys to the TS1120 drives. Tivoli Storage Manager’s policy management capabilities automatically determines if TS1120 encryption is to be used, and if so invokes encryption and provides the necessary encryption keys. TSM support for TS1120 encryption capabilities is the newest addition to TSM’s encryption capabilities for securing data-at-rest.
IBM Encryption Leadership
IBM developed the first encryption standards – published by the NSA in 1975 - and with 3,500 security and privacy professionals around the world, IBM continues to be the market leader in information security. The IBM TS1120 now joins IBM’s full range of encryption solutions, including IBM Data Encryption for Information Management System (IMS) and DB2 Databases and IBM Encryption Facility for z/OS.
Pricing and Availability
The IBM System Storage TS1120 is available immediately, with a starting list price of $35,500.