This article can also be found in the Premium Editorial Download "Storage magazine: Comparing EMC Symmetrix DMX-3 vs. Hitachi Data Systems USP1100."
TCG and information lifecycle security
When the ILM concept was introduced in 2003, the lack of security protection built into the model was striking. Three years later, ILM has been enhanced with security features, but implementation remains an issue. TCG-enabled storage could overcome these problems through its support of the following:
Distributed cryptographic and key management services. ILM will require critical data to be copied, verified, distributed and encrypted. Managing multiple copies of documents and their associated encryption operations could mean managing multiple, redundant encryption systems. And if encryption keys are lost, critical data might be unrecoverable. TCG-enabled storage promises to ease ILM key management by baking cryptographic services such as signing, hashing, verification and encryption into the storage infrastructure. ILM vendors can use the storage device's base-level cryptographic services to focus on key and policy management rather than on storage layer encryption services.
Pervasive logging. As with cryptographic services, trusted storage will also support logging and clocking capabilities. With this infrastructure in place, ILM vendors can focus on log aggregation and analysis rather than on basic data collection.
Operationally efficient data deletion. When users want to retire or move storage devices, there are a number of choices for data deletion--from physical device destruction
Ultimately, ILM vendors and users will benefit from TCG-enabled storage devices. ILM vendors can accelerate security enhancements by building management functionality on top of the TCG API and utilizing the TCG security plumbing. For users, TCG-enabled storage should ease the inevitable interoperability problems posed by multiple ILM implementations because products will call the same APIs, use the same commands and harvest the same device-resident data.
The bottom line
When it comes to security, the storage industry went from a state of denial to a state of confusion. This isn't unusual with information security because there are often more questions than answers.
In this perpetual enigma, the TCG storage specification may be a breath of fresh air. By baking security and software functionality into the disk drives themselves, TCG is providing a secure storage foundation that storage management software vendors and users can take advantage of. This functionality goes beyond securing the storage infrastructure, as it can be extended to become part of secure ILM.
This was first published in January 2007