 
AT THE CRITICAL INTERSECTION OF DATA
SECURITY AND NETWORKED STORAGE |
THERE IS DATAFORT |
|
DataFort appliances combine secure access controls, authentication, storage encryption, and secure logging to provide unprecedented protection for sensitive stored data. Because DataFort protects data at rest and in flight with strong encryption, even organizations that outsource IT management can be sure their data assets are secure. In short, DataFort offers a powerful and cost-effective solution to address a broad range of external, internal, and physical threats to sensitive data.
:DataFort hardware was designed from the ground up for maximum security. At the heart of the system is Decru's Storage Encryption Processor (SEP) — a robust hardware engine enabling full-duplex, multi-gigabit-speed encryption and key management. Decru's SEP, clustering and key management have passed certification testing for FIPS 140-2 level 3. DataFort's AES-256, SHA-1 and SHA-256 encryption implementations have also been certified by the National Institute for Standards and Technology (NIST.)
:
Decru DataFort incorporates strong AES-256 encryption, optimized by Decru for protecting stored data. DataFort uses a True Random Number Generator (TRNG) to create keys, and cleartext keys never leave DataFort's secure hardware, offering the highest level of security against attacks.
: Security administrators can compartmentalize data in shared storage using Cryptainer™ storage vaults. Cryptainer vaults cryptographically partition stored data, and provide an additional layer of threat containment. DataFort also supports the creation of cleartext Cryptainer vaults, which enables administrators to enforce access controls centrally, but leave less sensitive data unencrypted.
:Decru's Lifetime Key Management™ system (LKM) securely automates the archiving and recovery of encryption keys across the enterprise, ensuring data stored for decades can be decrypted. A software recovery tool ensures access to data in the event that DataFort hardware is rendered inoperable.
: DataFort provides a powerful, single point of secure access controls and authentication for heterogeneous client and storage environments. DataFort integrates transparently with directory servers such as LDAP, Active Directory and NIS, and adds a layer of hardware-based policy enforcement that prevents common attacks. DataFort also incorporates smart cards to ensure that only authorized DataFort administrators can configure and manage the DataFort. In SAN environments, DataFort can use Host Authentication to further lock down the fabric.
: In Ethernet environments, DataFort can secure data in flight from the desktop or server with integrated Storage VPN features. DataFort supports IPsec or SSL with hardware-based acceleration, and WebDAV support enables secure, drag-and-drop access to networked storage for remote users or partners over the Internet.
: Each DataFort keeps a cryptographically signed log of activities. Reports are fully customizable to track relevant events, including failed authentication attempts, Cryptainer access, administrative actions, or intrusion.
: CryptoShred simplifies the process of permanently deleting data. By deleting an encryption key, all copies of associated data are instantly destroyed, regardless of physical location. CryptoShred provides vital functionality for a range of applications, including regulatory compliance, hardware redeployment or disposal, and protection for data in harm's way.
Download PDF
|
