Hardware Eases Encryption Equation

Could encryption devices open the door to massive savings and faster backups? For financial firms Regulus Group and J.B. Hanauer, which recently chose hardware over software encryption, the answer is yes, although challenges remain where key management's concerned.

Napa, Calif.-based Regulus Group hopes to reap the financial benefits of a major security overhaul at its primary data center and a backup site in Charlotte, N.C. Back in March, the bill presentment specialist deployed 10 Decru DataFort-FC devices in an attempt to save money and streamline its infrastructure.

Previously, the firm, which has around 80 Tbytes of data on IBM SANs and tape libraries, was using more than 70 different software applications to encrypt data. "Key management on that type of thing was a nightmare," says Christian Philips, Regulus' chief security officer. "By going with a hardware solution, we were able to circumvent that whole morass of infrastructure."

The fact that the bulk of these software applications were custom built simply added to Philips' stress levels. "We had three people that just did the key management," he says.

With the DataForts, though, the exec expects some big annual savings in software development, licensing, and maintenance. "In an organization like ours, which is a heavy user of encryption, it's in the millions of dollars," explains Philips, estimating total savings of $1.5 million a year.

A big chunk of that savings is derived from about a dozen "store bought" software tools that cost around $300,000 a year in licensing fees alone.

He would not reveal how much Regulus spent with the Decru; pricing for Decru's FC-Series appliances begins at $25,000, although the vendor's SCSI version, the S-Series, is priced slightly cheaper at $15,000.

Crypto Acceleration
For Parsipanny, N.J.-based brokerage firm J.B. Hanauer, the shift to hardware encryption had more to do with time than money. Eric Latalladi, the company's CTO, told Byte and Switch that he deployed a CryptoStor appliance from NeoScale a year ago in an effort to speed up his encryption process.

Previously, Latalladi and his team used software from Legato to encrypt around 1 Tbyte of data held on ADIC libraries at his Garden State data center. "Software encryption is generally slow," he says, explaining that data bits have to be transferred between the hardware and the software and back again.

By using the CryptoStor appliance, though, Latalladi has speeded up his backups. "We have a maximum six-hour backup window and we were at capacity doing software-based encryption," he says, adding that backups can now be completed in around five hours and 15 minutes.

That said, financial considerations did play some part in Latalladi's buying decision. The exec looked at a number of different vendors, including Decru, before spending around $20,000 on his CryptoStor appliance. "I remember Decru being more expensive," he explains.

Conversely, Regulus' Philips looked at NeoScale before he deployed his Decru devices. "NeoScale lost out for a number of reasons," he explains, explaining that ease of installation was a big factor in his decision to deploy the DataForts.

For Latalladi, though, this was not a burning issue. "Ease of installation was not at the top of my priority list -- it should be senior level administrators deploying this," he says.

The exec admits, nonetheless, that he wants NeoScale to build on its decision to open up its key management APIs to other vendors. (See What's the Key to Excellent Encryption?, NeoScale Centralizes Management, and Multivendor Management Locked Up.) "I would like to see more of this type of thing from an industry perspective," he says. "At the moment, we're small enough for me to be able to throw my arms around the key management issue."

Last year NeoScale was the first encryption vendor to make a move in this space, opening up its APIs to Symantec, Entrust, and Optica in order to allay users' key management issues. (See All Keyed Up With NeoScale.) NeoScale told Byte and Switch that the first products based on this initiative will be available in the first half of this year.

— James Rogers, Senior Editor, Byte and Switch