HP-UX 11i Encrypted Volume and File System (EVFS) Best Practice (2009)
Overview
Laws and standards now place more stringent requirements on businesses to ensure the safety of
sensitive consumer data. Data confidentiality breaches affect millions of people and result in
millions of dollars in direct costs, and even more in indirect costs. The Ponemon report [1] found
that data breaches in 2008 cost U.S. companies an average of $6.65 million per incident, up
from $6.3 million in 2007. Because of these breaches, there are several laws and regulations
that relate to data retention and data elimination or sanitization on data storage devices such as
hard disk drives. Some of the US requirements are:
• Health Information Portability and Accountability Act (HIPAA)
• Personal Information Protection and Electronic Documents Act (PIPEDA)
• Gramm-Leach-Bliley Act (GLBA)
• California Senate Bill 1386
• Sarbanes-Oxley Act (SBA)
• SEC Rule 17a
HP-UX 11i Encrypted Volume and File System version 2.0 (EVFS v2.0.0) is the latest offering in
a lineup of HP-UX 11i security features that provide layered security and in-depth protection. At
its core, EVFS provides a fast and efficient software-based data encryption service for the HP-UX
11i operating systems. This service is provided in a transparent manner, which means that no
application-level changes are needed.
EVFS can be used with confidence because it encrypts data using the Advanced Encryption
Standard (AES). AES is a block-cipher algorithm adopted as an encryption standard by the U.S.
Government. The current release of EVFS provides both file-level and volume-level encryption
protection. See the HP-UX 11i EVFS 2.0 Administration Guide [2] for further details.
According to many customer surveys, the top barriers to and concerns about implementing a data
encryption solution are:
• Cost of implementation
• Complexity of key management
• Data loss (confidence of recovery)
• Performance
HP-UX 11i EVFS has been developed and designed to address these concerns:
Barrier | EVFS solution
Cost | EVFS is available as a no cost download with HP-UX. No additional hardware is required.
Complexity of key management | EVFS has built-in key management. No external key management system is required. Wrapped encrypted keys are always associated with the encrypted content through the EMD header and not managed separately.
Data Loss | Data recovery agent can be provisioned to recover encrypted data.