EMC Tuesday rolled out a new version of its Symmetrix operating system that incorporates security features from its US$2.1 billion acquisition of RSA Security in 2006.
EMC debuted its Enginuity 5772 operating software for Symmetrix arrays at this week's RSA Conference in San Francisco. The new release includes three security-focused components:
- Audit Log, which provides a tamper-proof view of management and support actions.
- Symmetrix Service Credential, which prevents unauthorized service actions.
- Certified Data Erasure, a facility aimed at eliminating exposure to data theft for Symmetrix disks.
"Auditability is actually very, very important," says David Hill, senior analyst for the Mesabi Group. "The Federal Rules of Civil Procedure were passed on Dec.1, and one thing that applies to compliance and governance is the concept of auditability, which deals with data as evidence and a chain of custody."
Each Symmetrix array contains an onboard service processor that is used to remotely monitor the storage array. The new Symmetrix Service Credential component, which is built on RSA SecurID technology, authenticates users who have valid access to the service processor and can enforce different credentials by user, action, system or time. In every case, access is by an encrypted credential and user password. This capability complements existing Symmetrix Access Control authorization features. In the future, EMC hopes to supplement this capability with use of the RSA SecurID hardware authenticators.
EMC's new data erasure options include a service, delivered through the company's global services group, for drives that have been removed from Symmetrix arrays, as well as a software-based offering for failed disks. The Certified Data Erasure technology lets customers shred data on a disk at the end of a lease, or when a disk drive has reached its end-of-life, for example. After erasure, EMC provides customers with a certificate that data has been successfully destroyed.