Special Section: SNW, Fall 2004 - More News From SNW:

Smartronix, Decru, NetApp Unveil Battlefield Data Secure Storage

Smartronix, Decru Inc, and Network Appliance Inc announced a secure storage solution designed for forward-deployed military environments. The Expeditionary Encrypted Data Store (EEDS) combines NetApp storage systems with Decru DataFort storage security appliances in a ruggedized, portable case. EEDS delivers reliable, intuitive storage functionality paired with powerful security features to support a broad range of missions.

Increasingly, modern military operations require forward deployment of computing systems, in environments ranging from aircraft and armored vehicles to embassies and mountaintops. These "net-centric" systems provide tremendous strategic advantages, but also expose an increasing amount of sensitive or classified data to new security threats. Forward-deployed computer systems present a particularly difficult challenge, because physical capture of mission data and software could expose vast amounts of actionable intelligence to adversaries. Due to the power of modern forensic tools, data stored on disk drives is essentially indelible, further complicating the task of sanitizing data on short notice.

The Expeditionary Encrypted Data Store solution takes a simple approach: never store mission data in cleartext format. All data and applications are secured with strong encryption, and in the event of imminent capture, warfighters can use Decru CryptoShred features to instantly delete local encryption keys by pushing a button or turning a key. Because encryption keys are stored in secure hardware, and data is never written to disk in cleartext format, deleting the keys provides instant sanitization of the entire system. Backup encryption keys are securely stored at headquarters, and can be securely injected into DataFort over the Global Information Grid, enabling rapid operational recovery from false alarms.

EEDS also enables operators to temporarily lock down systems by removing a cryptographic "ignition key" stored on a smart card. This feature enables systems to be securely transported, serviced, and deployed without exposing mission data to physical or electronic breaches. For example, a forwarddeployed data center could be provisioned with pre-staged mission data, but all data would remain in encrypted format until authorized personnel arrive with the appropriate smart cards.

EEDS Concept of Operations

In addition to providing security against physical attacks, the EEDS solution provides the security and flexibility to support a broad array of operational missions. Examples include:

• Secure storage consolidation: EEDS can be used to securely consolidate multiple separate groups or applications onto a single NetApp storage device. DataFort compartmentalizes data into Cryptainer vaults, allowing fine-grain access controls and surgical data deletion.

• Coalition data sharing: EEDS enables coalition partners or agencies to securely share data on the same system. Need-to-know access controls and crypto-signed logs ensure accountability, and ensure that only authorized coalition partners get access to shared data. This ultimately provides the combatant commander with greater operational flexibility, and enables enhanced information sharing in the field. Because the sharing partner designates the access controls and key management policies, data access can be quickly provisioned and de-provisioned.

• Insider threat mitigation: Storage and system administrators can easily manage all stored data, but EEDS does not allow unauthorized personnel to access cleartext data. This "role separation" further enforces need-to-know access, and provides greater flexibility in the selection of administrators.

Powerful NetApp storage features ensure availability and simplicity. For example, NetApp SnapMirror software enables automatic and network-efficient replication of data to ensure continuity of operations. Because the software mirrors encrypted data from one system to another, all replicated copies are secure by default. Encryption keys can be securely injected into a remote DataFort on demand when a recovery event arises, but until then no user or application at the remote site can access data.

"EEDS demonstrates the power of integrating best-of-breed technologies into a field-ready, military-grade solution. Our experience deploying rugged tactical solutions combined with our lead roles on major information assurance initiatives makes us a natural choice to partner with NetApp and Decru to deliver this enhanced security solution for our troops"," said John Parris, vice president for corporate strategy at Smartronix.

"We predict that the days of cleartext data on the battlefield are numbered," said Carl Wright, vice president of federal operations at Decru and former CISO of the U.S. Marine Corps. "The EEDS solution delivers transparent and rugged performance in the field without compromising security, performance or simplicity. We're very pleased to collaborate with Smartronix and NetApp on this project."

"NetApp's high rate of adoption across the U.S. Department of Defense is a direct result of our customer and solution focus," said Mark Weber, vice president of Federal Systems at Network Appliance. "Protection of data in harm's way is a major priority for our customers, and EEDS is the industry's first integrated solution to directly address these requirements."

Decru DataFort has received FIPS 140-2 Level 3 certification, as well as NIST certification for AES-256 and SHA-256, and is underway with Common Criteria certification with a target assurance level of EAL-4+. NetApp and Decru received DoD 5015.2 certification in Sept. 2003, including certification of CryptoShred functionality for document shredding. NetApp and Decru solutions have been deployed by customers in sectors including financial services, healthcare, high technology, aerospace and government.