Datrium Introduces Industry-First Blanket Encryption for Private CloudsMarch 1, 2017
Datrium, the leading provider of Open Convergence for cloud builders, today announced Datrium Blanket Encryption, an industry-first software product that combines always-on efficient deduplication and compression technology with high-speed, end-to-end encryption: in use at the host, in flight across the network and at rest on persistent storage.
The number of breaches within the US have quadrupled from 2005 to 2015, and the year 2016 accounted for seven of the ten biggest data breaches ever. With threats rising, the requirement to encrypt data everywhere – from host-to-storage, between hosts, and between sites – is becoming standard. However, leading storage arrays and hyper-converged systems only protect data at rest and do not protect against host or network intrusions. Guest operating systems and hypervisors offer encryption at the source, but at the expense of data reduction required by the economics of modern flash storage.
Security and Economics Without Compromise
Datrium offers a fundamentally new and comprehensive approach. By deduplicating and compressing data, then encrypting while it is still in the application host’s memory (RAM), Datrium Blanket Encryption can then move data across hosts, networks and storage that is always encrypted and efficient.
"At Security On-Demand, we have pioneered ground-breaking cloud-based services in security and threat management. Encrypting data in-flight and at-rest is critical, but without data reduction, it adds cost to the protection every business needs," said Joel Holland, Chief Technology Officer at Security On-Demand. "The fact we can now get Blanket Encryption from Datrium that dedupes, compresses and encrypts data from application-to-disk is mind-blowing, and makes Open Convergence a no-brainer as a part of our secure cloud infrastructure."
Simpler Data Security
Like the Datrium DVX Open Convergence platform itself, Blanket Encryption was designed to make private clouds simple. It includes a built-in key management system so that more complex options are not required. With one step, all new data in the DVX data store will be protected.
Blanket Encryption is 100% software, leveraging a silicon-based instruction set in each server for speed, so it has virtually no impact on the DVX’s award-winning high performance. With more conventional SED-based approaches, adding encryption requires the purchase of new arrays or hyper-converged systems, adding expense and silos across the private cloud environment. Blanket Encryption is software-based, so encryption can be applied to any existing DVX well after initial purchase.
"Common wisdom was that encryption from host-to-storage lacked data reduction and suffered intolerable economic tradeoffs, forcing companies to settle for little more than ‘check-box data security’ with at-rest encryption from arrays or hyperconvergence," said Arun Taneja, founder, president and consulting analyst at Taneja Group. "Datrium has shattered the myth, demonstrating that end-to-end encryption in concert with deduplication and compression is not only possible, but deliverable."