EMAIL
DECRU DataFort appliances combine secure access controls, authentication, storage encryption, and
secure logging to provide unprecedented protection for sensitive stored data. Because DataFort
protects data at rest and in flight with strong encryption, even organizations that outsource
IT management can be sure their data assets are secure. In short, DataFort offers a powerful and
cost-effective solution to address a broad range of external, internal, and physical threats to
sensitive data.
MAXIMUM DATA SECURITY
Decru DataFort™ appliances combine secure access controls, authentication, storage encryption, and secure logging to provide unprecedented protection for sensitive stored data. Because DataFort protects data at rest and in flight with strong encryption, even organizations that outsource IT management can be sure their data assets are secure. In short, DataFort offers a powerful and cost-effective solution to address a broad range of external, internal, and physical threats to sensitive data. HARDENED ARCHITECTURE
DataFort hardware was designed from the ground up for maximum security. At the heart of the system is Decru's Storage Encryption Processor (SEP) — a robust hardware engine enabling full-duplex, wire-speed encryption and key management. Decru's SEP, clustering and key management have passed certification testing for FIPS 140-2 level 3. DataFort's AES-256, SHA-1 and SHA-256 encryption implementations have also been certified by the National Institute for Standards and Technology (NIST.)
ROBUST ENCRYPTION STANDARDS
Decru DataFort incorporates strong AES-256 encryption, optimized by Decru for protecting stored data. DataFort uses a True Random Number Generator (TRNG) to create keys, and cleartext keys never leave DataFort's secure hardware, offering the highest level of security against attacks.
COMPARTMENTALIZATION
Security administrators can compartmentalize aggregated data in shared storage using Cryptainer™ storage vaults. Cryptainer vaults cryptographically partition stored data, and provide an additional layer of threat containment. DataFort also supports the creation of cleartext Cryptainer vaults, which enable administrators to enforce access controls centrally, but leave less sensitive data unencrypted.
LIFETIME KEY MANAGEMENT™
Decru's Lifetime Key Management™ system (LKM) securely automates the archiving and recovery of encryption keys across the enterprise, ensuring data stored for decades can be decrypted. A software recovery tool ensures access to data in the event that DataFort hardware is rendered inoperable.
AUTHENTICATION AND ACCESS CONTROLS
DataFort provides a powerful, single point of secure access controls and authentication for heterogeneous client and storage environments. DataFort integrates transparently with directory servers such as LDAP, Active Directory and NIS, and adds a layer of hardware-based policy enforcement that prevents common attacks. DataFort also incorporates smart cards to ensure that only authorized DataFort administrators can configure and manage the DataFort. In SAN environments, DataFort can use Host Authentication to further lock down the fabric.
STORAGE VPN
In Ethernet environments, DataFort can secure data in flight from the desktop or server with integrated Storage VPN features. DataFort supports IPsec or SSL with hardware-based acceleration, and WebDAV support enables secure, drag-and-drop access to networked storage for remote users or partners over the Internet.
SECURE LOGGING
Each DataFort keeps a cryptographically signed log of activities. Reports are fully customizable to track relevant events, including failed authentication attempts, Cryptainer access, administrative actions, or intrusion.
CRYPTOSHRED™ KEY DELETION
CryptoShred simplifies the process of permanently deleting data. By deleting an encryption key, all copies of associated data are instantly destroyed, regardless of physical location. CryptoShred provides vital functionality for a range of applications, including regulatory compliance, hardware redeployment or disposal, and protection for data in harm's way.
EASY TO DEPLOY
DataFort fits seamlessly into the existing storage infrastructure, adding critical security without impacting network performance or user workflow. Security advantages are realized without installing software on clients, servers or hosts, and authorized users can read, write and modify files as they always have, without changing their workflow.
OPERATIONAL TRANSPARENCY
DataFort is implemented as a transparent storage proxy: to clients or hosts, DataFort looks like storage, and to storage, DataFort looks like clients or hosts. DataFort appliances natively support CIFS, NFS and Fibre Channel protocols for maximum transparency. Because only the payload is encrypted, existing applications - such as backups and restores - can function without modification.
EASY TO MANAGE
DataFort can be installed in less than 60 minutes, and ongoing administration is simple and straightforward via a Web-based management interface. Industry-standard tools like SNMP and syslog can be used for monitoring, and DataFort's robust CLI allows scripting for common management tasks.
ENTERPRISE-CLASS RELIABILITY
DataFort hardware is built for maximum availability with minimal moving parts and no internal disks. DataFort can be installed in clusters for automatic fail-over and load balancing.
DEPLOYMENT
Decru DataFort is highly flexible and can be placed in a variety of locations within a storage network.
In a simplified example of a NAS environment, DataFort
is shown on the IP network, between departmental
clients and the file server or NAS appliance.
|
 DataFort can also be installed in clusters for high availability.
|
