Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Hardware Eases Encryption Equation

Financial services firms shun software in search of big savings, speedy encryption

Could encryption devices open the door to massive savings and faster backups? For financial firms Regulus Group and J.B. Hanauer, which recently chose hardware over software encryption, the answer is yes, although challenges remain where key management's concerned.

Napa, Calif.-based Regulus Group hopes to reap the financial benefits of a major security overhaul at its primary data center and a backup site in Charlotte, N.C. Back in March, the bill presentment specialist deployed 10 Decru DataFort-FC devices in an attempt to save money and streamline its infrastructure.

Previously, the firm, which has around 80 Tbytes of data on IBM SANs and tape libraries, was using more than 70 different software applications to encrypt data. "Key management on that type of thing was a nightmare," says Christian Philips, Regulus' chief security officer. "By going with a hardware solution, we were able to circumvent that whole morass of infrastructure."

The fact that the bulk of these software applications were custom built simply added to Philips' stress levels. "We had three people that just did the key management," he says.

With the DataForts, though, the exec expects some big annual savings in software development, licensing, and maintenance. "In an organization like ours, which is a heavy user of encryption, it's in the millions of dollars," explains Philips, estimating total savings of $1.5 million a year.

A big chunk of that savings is derived from about a dozen "store bought" software tools that cost around $300,000 a year in licensing fees alone.

He would not reveal how much Regulus spent with the Decru; pricing for Decru's FC-Series appliances begins at $25,000, although the vendor's SCSI version, the S-Series, is priced slightly cheaper at $15,000.

Crypto Acceleration
For Parsipanny, N.J.-based brokerage firm J.B. Hanauer, the shift to hardware encryption had more to do with time than money. Eric Latalladi, the company's CTO, told Byte and Switch that he deployed a CryptoStor appliance from NeoScale a year ago in an effort to speed up his encryption process.

Previously, Latalladi and his team used software from Legato to encrypt around 1 Tbyte of data held on ADIC libraries at his Garden State data center. "Software encryption is generally slow," he says, explaining that data bits have to be transferred between the hardware and the software and back again.

By using the CryptoStor appliance, though, Latalladi has speeded up his backups. "We have a maximum six-hour backup window and we were at capacity doing software-based encryption," he says, adding that backups can now be completed in around five hours and 15 minutes.

That said, financial considerations did play some part in Latalladi's buying decision. The exec looked at a number of different vendors, including Decru, before spending around $20,000 on his CryptoStor appliance. "I remember Decru being more expensive," he explains.

Conversely, Regulus' Philips looked at NeoScale before he deployed his Decru devices. "NeoScale lost out for a number of reasons," he explains, explaining that ease of installation was a big factor in his decision to deploy the DataForts.

For Latalladi, though, this was not a burning issue. "Ease of installation was not at the top of my priority list -- it should be senior level administrators deploying this," he says.

The exec admits, nonetheless, that he wants NeoScale to build on its decision to open up its key management APIs to other vendors. (See What's the Key to Excellent Encryption?, NeoScale Centralizes Management, and Multivendor Management Locked Up.) "I would like to see more of this type of thing from an industry perspective," he says. "At the moment, we're small enough for me to be able to throw my arms around the key management issue."

Last year NeoScale was the first encryption vendor to make a move in this space, opening up its APIs to Symantec, Entrust, and Optica in order to allay users' key management issues. (See All Keyed Up With NeoScale.) NeoScale told Byte and Switch that the first products based on this initiative will be available in the first half of this year.

— James Rogers, Senior Editor, Byte and Switch

  • Advanced Digital Information Corp. (Nasdaq: ADIC)
  • Decru Inc.
  • Entrust Inc.
  • IBM Corp. (NYSE: IBM)
  • EMC Legato
  • NeoScale Systems Inc.
  • Optica Technologies Inc.
  • Symantec Corp. (Nasdaq: SYMC)

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 9/25/2020
    9 Tips to Prepare for the Future of Cloud & Network Security
    Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
    Vulnerability Disclosure Programs See Signups & Payouts Surge
    Kelly Sheridan, Staff Editor, Dark Reading,  9/22/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    Special Report: Computing's New Normal
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    How IT Security Organizations are Attacking the Cybersecurity Problem
    How IT Security Organizations are Attacking the Cybersecurity Problem
    The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-15216
    PUBLISHED: 2020-09-29
    In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revisio...
    CVE-2020-4607
    PUBLISHED: 2020-09-29
    IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
    CVE-2020-24565
    PUBLISHED: 2020-09-29
    An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
    CVE-2020-25770
    PUBLISHED: 2020-09-29
    An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
    CVE-2020-25771
    PUBLISHED: 2020-09-29
    An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...