RSA '07: EMC bolsters security for high-end arrays

EMC’s revamped Enginuity operating software adds tools for better securing Symmetrix arrays

By Deni Connor, Network World
February 06, 2007 12:07 AM ET

. What's this?

EMC Tuesday rolled out a new version of its Symmetrix operating system that incorporates security features from its $2.1 billion acquisition of RSA Security in 2006.

EMC debuted its Enginuity 5772 operating software for Symmetrix arrays at this week’s RSA Conference in San Francisco. The new release includes three security-focused components:

• Audit Log, which provides a tamper-proof view of management and support actions.

• Symmetrix Service Credential, which prevents unauthorized service actions.

Related Content

• Certified Data Erasure, a facility aimed at eliminating exposure to data theft for Symmetrix disks.

The Audit Log component records host-initiated actions, physical component changes, actions on service processors and access attempts blocked by security controls. The contents of the audit log cannot be modified or deleted, and only authorized users can access the logs. EMC previously had audit logs for Symmetrix platforms; this new audit log prevents modification or deletion by all users, including those with superadmin access privileges.

RSA '07 HQ: Click here for complete coverage

“Auditability is actually very, very important," says David Hill, senior analyst for the Mesabi Group. "The Federal Rules of Civil Procedure were passed on Dec.1, and one thing that applies to compliance and governance is the concept of auditability, which deals with data as evidence and a chain of custody.”

Each Symmetrix array contains an onboard service processor that is used to remotely monitor the storage array. The new Symmetrix Service Credential component, which is built on RSA SecurID technology, authenticates users who have valid access to the service processor and can enforce different credentials by user, action, system or time. In every case, access is by an encrypted credential and user password. This capability complements existing Symmetrix Access Control authorization features. In the future, EMC hopes to supplement this capability with use of the RSA SecurID hardware authenticators.

EMC’s new data erasure options include a service, delivered through the company’s global services group, for drives that have been removed from Symmetrix arrays, as well as a software-based offering for failed disks. The Certified Data Erasure technology lets customers shred data on a disk at the end of a lease, or when a disk drive has reached its end-of-life, for example. After erasure, EMC provides customers with a certificate that data has been successfully destroyed.

EMC’s data erasure services and software adhere to Department of Defense specification 5220.22-M, which requires that disks be overwritten multiple times.

“Certified Data Erasure is also very important because it gives a customer a perfectly legal way of getting rid of data,” Hill says. “A lot of data is totally useless, and data shredding should be allowed.”

A number of companies, including Iron Mountain and Sungard, have established programs for the certified erasure of magnetic media.

EMC also has added to Enginuity the ability to dynamically partition cache memory to provide resource allocation to applications and a set of controls called Symmetrix Priority Controls, which manage multiple application workloads. In this scenario, ERP or messaging applications could be partitioned off from each other on Tier 1 and Tier 2 Fibre Channel storage, while backup applications or testing could be relegated to a Tier 3 Serial ATA partition, for example.