Assureon. Scalable Secure Storage Appliance

Storage systems no longer have to be unintelligent repositories of unprotected data. In the wake of numerous security breaches where sensitive and confidential information has been compromised and the enforcement of multiple compliance regulations, businesses and organizations are demanding higher levels of intelligence and protection.

Nexsan's Assureon is the first secure storage appliance - a complete solution that combines advanced encryption with content addressed storage, ILM technology and other patent-pending security features into a single, fully integrated disk-based system.

Assureon is a solution for primary and critical concerns of today's businesses and organizations - the security, authenticity and accessibility of the information being stored and managed.

Secure Storage -

The scalable plug-and-play Assureon solution incorporates high-density disk hardware combined with robust technology designed to store, manage, protect, dispose of and provide fast, easy access to fixed content and reference data in a cost-effective manner. Assureon is also media independent - in addition to disk, it supports removable media such as tape and optical. This allows user's to benefit not only from the high level of security provided by the encyrption on their tapes, but also from Assureon's CAS single instance store technology, which reduces storage consumption and costs. If private and sensitive information is first stored on Assureon, the secure encryption process prevents any unauthorized access to the information, including security breaches and attacks, regardless of media.

Advanced Features -

• Single Instance Store: Assureon's CAS technology enables single instance store, whereby only one copy of a data object is kept. For example, if different individuals in multiple departments are all saving the same PowerPoint presentation, Assureon can identify that they are duplicates based on their CAS address, and only store one copy resulting in less storage needed, reduced network bandwidth and overall cost.
• Authentication and Integrity: Assureon technology verifies that all files and file metadata has not been tampered with or corrupted.
• Immutability: An object placed under Assureon management cannot be changed or erased until the end of its retention period.
• WORM functionality: the Assureon system provides Write Once, Read Many functionality
• Business Continuity Protection: Assureon supports remote replication of assets across the WAN and can be configured to keep duplicate files at a remote site.
• Fail-safe CAS Technology: Assureon utilizes a dual cryptographic process (hashing algorithm) to create its unique CAS address, which ensures the integrity of the file and no loss of information through potential data collisions.
• File Level Retention Enforcement: Assureon enforces retention polices at the object level allowing different retention periods to be placed on files based upon their importance to an organization.
• Assignment of Retention Periods: Assureon will assign a retention period based either upon a 3rd party application (ex. document management system or an email management package) or Assureon can place the appropriate retention policy based upon its own file watcher program.
• Access Speed: Assureon enables immediate online access to reference data as opposed to traditional offline storage.
• Enabling Information Lifecycle Management (ILM): ILM requires more than storage hardware and software to be successfully implemented. Assureon is a powerful tool that automates the operational steps (Classify, Place, Protect, Archive, Access, Expire) of the lifecycle process for reference data within an organization.
• Audit Trails for Compliance: Assureon meets many requirements of the numerous compliance     laws and privacy regulations including:
     -Digital Time Stamped Records - a requirement of FDA regulations
     -Serialization - a requirement of SEC regulations.
     -User Access Trail - a requirement of HIPAA

Technology -

Assureon is based upon a combination of CAS (Content Addressable Storage) with advanced 256-bit AES encryption and other security and data protection technologies. CAS technology produces a unique file identifier or "fingerprint"for all objects, based on their content. Assureon's object storage model stores files, images, recordings, web pages, etc, as objects with a unique universal identifier. This approach differs from traditional file system models, where an application or user names the file and then places it in a hierarchical file system. Traditional file system models suffer from a lack of scalability and a high management cost.

In an object model, the archived physical object is completely separate from the logical location or application. Administrators can be relieved of performing typical storage housekeeping tasks, such as formatting file systems, creating volumes and binding LUNs (logical unit numbers).

Assureon's CAS technology provides:

Immutability - because each file fingerprint is based on the specific bit pattern of that file, if a bit is changed then the file fingerprint would be different. Assureon does not allow changes and will detect if any tampering has occurred.
Single-instance storage - one copy of each file is stored, regardless of how many users write that file to storage, giving significant storage-use efficiency.
Scalability - Additional storage can easily be added
Reduces Storage Management Cost - Storage housekeeping tasks, such as formatting file systems, creating volumes and binding LUNs are not necessary
Load Balancing - Enables a uniform distribution of files across available storage locations. Assureon's load balancing enhances performance and enables storage to scale into the petabytes

Encryption with patent-pending secure encryption key management

Encryption a powerful tool to ensure privacy and protect against data theft. Assureon implements encryption on a file by file basis using the AES256 encryption standard. Each file has its own unique key, which is transparently and automatically handled by Assureon's secure "key manager."

Scalability - Assureon's performance and capacity scale independently

Assureon's architecture is not a "pizza box or brick" design whereby a certain number of server nodes need to be configured based upon the amount of storage and the two are locked together - if you want to scale capacity you must also scale performance. Assureon is flexible. Storage capacity can be vastly increased if needed and more server nodes can be added to the configuration for faster performance independent of each other. This allows the customer to purchase exactly what they need for their environment and, in the case of a large archive, reduces the cost per terabyte dramatically

Media Independence

In addition to disk, Assureon supports offline media such as tape and optical. By combining CAS single instance store technology with secure encryption on removable media, Assureon reduces costs and prevents any unauthorized access to stored data including security breaches, attacks and lost or stolen tapes.

Security -

Compliance and Best Practices require Better Security

Information and storage security are very important topics - privacy and data theft are at the forefront of today's customer concerns. In addition, many regulations, such as Sarbanes-Oxley, Privacy Acts, and HIPAA, spell out specific requirements for secure information access and data storage. Assureon offers powerful answers to these important requirements through the integrated technologies it is built upon - security, file disposition, the individual destruction of offline files, WORM protection and file authentication.

Encryption

Assureon can encrypt any file, using the Advanced Encryption Standard (AES256). There have been no successful attacks against AES, and it has been approved by the National Security Agency (NSA) for top secret documents. Multiple Privacy Acts, HIPAA, California 's SB 1386 and the FDA's CFR part 11 recommend or require encryption of information for security purposes. When Assureon encryption is enabled, files cannot be viewed even if a hacker manages to compromise security.

Secure Accessibility

Assureon's Access Control has three components.

• Authentication verifies that a client is who they say they are

     - Assureon optionally uses security certificates (Smart Cards)
• Authorization determines that the client has the appropriate permissions to access the     resources they are requesting. Authorization is given to an authenticated client by policies     established within Assureon and then published into Active Directory.
• Audit logs that can be used to account for any and all access to managed information.

Assured Individual Key Destruction

At the end of an information asset's retention period, Assureon destroys the file's encryption key and all access to that file. Assureon is unique in its key management capabilities in that it can identify and dispose of individual files - not only on its integrated disk storage, but also on offline media such as tape or optical.

Authentication of Information

When a file is placed under Assureon management, it is processed by dual cryptographic hash functions (MD5 and SHA-1) to create a unique identifier sometimes called hash value, digital fingerprint, CAS (Content Addressable Storage) address or UFID. This unique identifier allows the system to verify that the file has not been altered or inadvertently corrupted.

When a file is authenticated, Assureon retrieves the file, creates a cryptographic hash value for the document, and then compares it to the original cryptographic hash value that was generated when the file was placed under management. If any changes were made to the document, even down to the bit level, the hash values will not be the same and the file is not authenticated; if the hash values are identical, the file is authenticated as an original. This procees ensures the authenticity and integrity of all files stored by the Assureon system.

Back to Nexsan