Tuesday, May 7, 2013

Secure Data-at-Rest with the IBM DS3500 SAN

The new Controller Firmware (CFW) 7.84 release for the IBM System Storage DS3500 introduced several powerful premium features. One premium feature of particular interest to many industries is Full Disk Encryption (FDE). With it, the IBM DS3500 can now provide data-at-rest encryption, which meets a variety of regulatory requirements.

The IBM DS3500 SAN meets these regulatory requirements by offering continuous data security through 300GB and 600GB Self Encrypting Drives (SEDs). The SEDs provide the IBM DS3500 with full drive-level encryption that is easily managed through the IBM Disk Encryption Storage Manager for relentless data security.

Full disk encryption prevents unauthorized access to data after an SED has been physically removed from the IBM DS3500 SAN. This is accomplished via “Instant Secure Erase”, whereby an operator performs a secure erase prior to removal of a drive, or via “Auto-Locking”, which locks a drive whenever it is powered down. Access to the data remains transparent while the drives are unlocked and operating. When drive security is enabled on the array, data access is restricted to a controller with the correct security key.

Because the disk drives are self-encrypting, they also protect the data by generating an Encryption Key that never leaves the drive. The data is stored in encrypted form, and because symmetric encryption and decryption run at full disk speed, there is no impact on disk performance.
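The locking and erase behaviour described above can be modelled in a few lines. This is an added conceptual example, not IBM's firmware or Storage Manager code: the class and method names are hypothetical, the wrapping of the drive's encryption key under a key derived from the controller's security key is an assumption about the design, and an HMAC-SHA256 keystream stands in for the hardware AES a real SED uses.

```python
import hashlib, hmac, os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 keystream); a real SED uses hardware AES.
    pad = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

class ModelSED:
    """Conceptual self-encrypting drive; names and layout are hypothetical."""
    def __init__(self, security_key: bytes):
        self._salt = os.urandom(16)
        self._media = {}                      # LBA -> ciphertext on the platters
        self._rekey(security_key)
        self._mek = None                      # drive starts out locked

    def _kek(self, security_key: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", security_key, self._salt, 50_000)

    def _rekey(self, security_key: bytes) -> None:
        self._mek = os.urandom(32)            # media encryption key, made on the drive
        kek = self._kek(security_key)
        self._wrapped = _xor_stream(kek, b"wrap", self._mek)   # only this is persisted
        self._tag = hmac.new(kek, self._wrapped, hashlib.sha256).digest()

    def unlock(self, security_key: bytes) -> bool:
        kek = self._kek(security_key)
        expected = hmac.new(kek, self._wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, self._tag):
            return False                      # wrong security key: stay locked
        self._mek = _xor_stream(kek, b"wrap", self._wrapped)
        return True

    def power_down(self) -> None:
        self._mek = None                      # auto-lock: plaintext key is volatile

    def write(self, lba: int, data: bytes) -> None:
        if self._mek is None:
            raise PermissionError("drive is locked")
        self._media[lba] = _xor_stream(self._mek, lba.to_bytes(8, "big"), data)

    def read(self, lba: int) -> bytes:
        if self._mek is None:
            raise PermissionError("drive is locked")
        return _xor_stream(self._mek, lba.to_bytes(8, "big"), self._media[lba])

    def secure_erase(self, security_key: bytes) -> None:
        if not self.unlock(security_key):
            raise PermissionError("wrong security key")
        self._rekey(security_key)             # old ciphertext is now undecipherable
```

In this model a drive pulled from the array holds only ciphertext and a wrapped key, and a secure erase takes effect immediately because only the key is replaced, not the stored blocks.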

Through these new, powerful full disk encryption capabilities, the IBM DS3500 SAN can now meet the regulatory requirements for a wide range of industries, including HIPAA regulations resulting from Meaningful Use Phase 2. To learn more about the impact of Meaningful Use Phase 2 on Healthcare IT, click here.


  1. Fine way of telling, and pleasant article to obtain facts about my presentation focus, which I am going to present in institution of higher education.
    EDI Solution

  2. To protect the data from theft, the user provides a password. This password is used by the drive to encrypt or decrypt the media encryption key. In this way even the media encryption key cannot be known without knowing the password.
    iDeals data room service