Fujitsu Computer Systems Tuesday plans to announce a petabyte-size storage array with native encryption, but some users with high security needs said they are uneasy about the possibility of losing access to their data once it is encrypted.
Fujitsu's Eternus8000 and Eternus4000 storage arrays are replacements for the company's Eternus6000 and Eternus3000 products, said Richard McCormack, vice president of marketing. The Eternus8000 is more than twice as fast as the Eternus6000, while the Eternus4000 is 50 percent faster than the Eternus3000, the company said. In addition, the Eternus8000 supports up to 1.38 petabytes of storage.
Both new arrays include the ability to store data encrypted with 128-bit AES keys. The key, which is stored on the disk drive itself, is also encrypted.
That makes Ken Westerback, information technology architect at St. Michael's Hospital in Toronto, uncomfortable. While Westerback would like to store data that is encrypted, due to the requirements of Ontario's Personal Health Information Protection Act, he said he wants full control over the encryption so he can replace the encryption engine if he wants. Westerback said Fujitsu hasn't briefed him on its new products and that he needs more details. He said he wants strong assurances that there would always be a way to get the data off the device no matter what kind of failure the arrays might suffer.
Losing access to the data -- or Fujitsu having what he called a "magic password" that could retrieve the data -- would be even worse than an unauthorized person seeing it, he said.
Westerback is not alone in his concerns, according to John Webster, an analyst at Data Mobility Group. While the idea of native disk-level encryption has been discussed for some time -- IBM announced its intention to provide encryption on the disk drive level earlier this month -- users have two main concerns, he said.
First, they are worried about the performance impact encryption would carry. The second, and greater, concern is devising a strategy for key management to ensure that the organization can still get at the data, Webster said. It becomes another layer of management complexity, because not only is there the question of what happens if the keys are lost, but organizations need to plan what to do in case the person responsible for managing the encryption system takes another job, he said.
On the other hand, Dave Russell, an analyst at Gartner, noted that even organizations that are not required to do so for regulatory purposes are aware of the need for protecting data and that building encryption into the disk array itself could be appealing because alternatives are slower or more complex. And while it's true that an organization that loses the key would lose access to the data, it's not an issue unique to Fujitsu but applies to all forms of encrytpion.
McCormack said that to forestall problems with a disk error rendering keys unusable, the encrypted key is stored in four places on a disk, and if one of them became unusable, the server would automatically move to the next key location and log the incident.
Other new features in the arrays include a remote advanced copy feature that lets users replicate data between Eternus systems; support for iSCSI, which allows organizations to use lower-cost IP circuits to connect the arrays to hosts; and Massive Array of Inactive Disk (MAID) technology, which reduces heat generation and power consumption by temporarily shutting down disks when they're not being used.
The arrays are available now starting at US$24,500.