Data Domain Encryption
Enhance the security of backup and archive data
Secure Data Management
Inline Encryption
Key Management and Integrity
Details
Secure Data Management
With EMC Data Domain Encryption, encryption of data-at-rest safeguards user data in the event of theft or loss of physical storage media. Additional privileged commands can lock and unlock the file system to further secure and protect user data during system transport.
Data Domain Encryption provides administrator-selectable, industry-standard 128-bit or 256-bit Advanced Encryption Standard (AES) algorithms implemented by the FIPS 140-2 validated RSA BSAFE cryptographic libraries for encrypting and decrypting all user data within the system. Depending on IT security policies, the block cipher modes for the AES algorithm can be set to provide confidentiality using Cipher Block Chaining (CBC) or both confidentiality and message authenticity using Galios Counter Mode (GCM).
Inline Encryption
Data Domain Encryption seamlessly integrates with the high-speed, inline deduplication process and encrypts data before it’s written to disk. Inline encryption provides a fast and secure solution that ensures that user data never resides in a vulnerable, unencrypted state on the disk subsystem.
Key Management and Integrity
By default, Data Domain Encryption software option encrypts all data on the system using an internally-generated encryption key. This encryption key is static and cannot be changed by the user.
For environments requiring encryption keys be changed on a periodic basis to meet compliance regulation, you can manage the lifecycle of the encryption key for each Data Domain system individually with encryption key rotation. If an external encryption key manager is needed, the Data Domain system can be integrated with RSA Data Protection Manager for an enterprise-wide external encryption management.
Related Offerings
Products
-
Avamar
Gain fast, secure backup and recovery for your VMware environments, remote offices, desktops, laptops, and data center with client-side deduplication.
-
Cloud Tiering Appliance
Optimize your network-attached storage (NAS) infrastructure with fully automated file tiering, archiving, and file migration.
-
Data Protection Advisor
Automate backup and replication analysis and prove recoverability.
-
Disk Library for mainframe
Store various data types with a full mainframe virtual tape library with traditional and deduplication storage support.
-
EMC SourceOne Archiving Family
Improve operational efficiency, enable litigation readiness, and mitigate risk.
-
NetWorker
Unify backup with a wide range of data protection options that simplify and speed recovery across physical and virtual environments.