Assessing Security Risks; Managing Organizational Risks; Data Security Implementations; Hp Storage Security Solutions - HP StorageWorks 4000/6000/8000 - Enterprise Virtual Arrays Reference Manual

Compliance validation—Proof of compliance is required by government and industry regulations.
You must establish control points that ensure repeatable processes, assignment of responsibilities,
and role separation. You must be able to prove that policies are being enforced for internal and
external audits.

Assessing security risks

This section describes best practices for assessing and addressing security risks.

Managing organizational risks

Managing organizational risks involves the following actions:
Protecting IT resources
Protecting data in all states (at-rest, in-transit, or in-use)
Providing validation to internal and external auditors
The HP Secure Advantage solution addresses these security issues using a suite of integrated products.
Integration of encryption and key management technologies with identity management in a hardened
infrastructure ensures that the correct data is delivered to the intended users. Secure Advantage
provides the best layered end-to-end security approach with identity management at the network,
system, service, and application layers. It ensures a robust and proactive security framework.

Data security implementations

Data security implementations are categorized as follows:
Storage network—Consists of switches, appliances, and cables. Switches and appliances come
with support to protect themselves. The storage network components support key management,
encryption services, and authentication of server and storage arrays.
Servers—Consists of hardware, operating systems, interface cards (NICs and HBAs), and applic-
ations (also known as hosts). Each component comes with support for protecting itself. The interfaces
cards support authentication and secure tunnel.
Storage arrays—Consists of groups of disks or tapes that use a management application, which
protects the resources through authentication. Storage arrays will support native encryption in the
future.

HP storage security solutions

This section describes HP storage security solutions for the following products:
C-series Storage Media
C-series SAN-OS
C-series IP SAN
B-series Encryption Switch and Encryption FC Blade
B-series Fabric OS
Key management, page 415

C-series Storage Media Encryption

SME is a standards-based encryption solution for heterogeneous and virtual tape libraries. SME is
managed with the Cisco Fabric Manager web client and a command-line interface, which supports
unified SAN management and security provisioning. SME is a comprehensive network-integrated
Encryption, page 407
security, page 408
security, page 409
security, page 411
security, page 410
SAN Design Reference Guide 407