Datrium The Only Convergence Platform to Achieve FIPS 140-2 Cryptographic Certification
Datrium’s Blanket encryption is an already an industry-first, providing software-based (without hardware dependencies) end-to-end encryption. Datrium’s client software runs as part of the hypervisor and is uniquely able to provide cluster-wide encryption domain with full data services, such as compression, de-duplication, and erasure coding.
The encryption covers ESXi, RedHat Enterprise Virtualization and CentOS KVM host RAM buffers, the host SSDs, the data nodes HDDs and SSDs, the data in-flight between hosts and data nodes, and also the data stored in data nodes NVRAM.
Protecting data-at-rest has become a top priority for organizations. However, despite growing awareness, encryption of data in-flight is consistently overlooked. Nowadays in-flight data is most vulnerable to perpetrators that can tap into the network connections given the widespread use of IP network protocols; security measures for data in storage come to nothing if in-flight data is not safeguarded as well.
Datrium’s encryption uses FIPS 140-2 AES-XTS-256 military grade crypto algorithm and leverage Intel Intelligent Storage Acceleration Library (Intel ISA-L) with Intel AES new encryption instructions set (Intel AES-NI), that can provide a <5% performance hit at the worst-case scenario. Recognizing that software-defined-storage stacks use host CPU cycles to deliver services it is essential that performance impact is minimized.
NIST and CMVP
Datrium is now certified by NIST (National Institute of Standards and Technology) and the Cryptographic Module Validation Program (CMVP). The CMVP validates cryptographic modules to Federal Information Processing Standards (FIPS)140-2, Security Requirements for Cryptographic Modules, and other FIPS cryptography based standards. The Federal Agencies accept the modules approved as conforming to FIPS 140-2. Learn more about it here on the NIST website.
Read the entire article here, Datrium The Only Convergence Platform to Achieve FIPS 140-2 Cryptographic Certification – myvirtualcloud.net
Via the fine folks at Andre Leibovici at myvirtualcloud.net