Emulex Secure host bus adapters (HBAs) from Broadcom now include post-quantum encryption algorithms and zero trust architecture to secure storage area network (SAN) data in flight.
HBAs are the endpoints in a Fibre Channel network connecting block access storage arrays to servers in what’s called a SAN. If data crossing the network is not encrypted, it could be accessed and copied. Encrypting HBAs secure all data crossing the SAN. Quantum computers, when and if developed, could potentially break existing encryption algorithms, necessitating the development of new cryptographic methods to prevent such attacks. Post-quantum cryptography is based on mathematical problems that are believed to be resistant to quantum attacks.
Various government mandates, including the United States’ Commercial National Security Algorithm (CNSA) 2.0, the European Union’s Network and Information Security (NIS) 2, the Digital Operational Resilience Act (DORA), and other regulations, require enterprises to update IT infrastructures with post-quantum encryption algorithms and zero trust architecture.
Jeff Hoogenboom, Emulex Connectivity Division VP and GM at Broadcom, stated: “Customers are seeking ways to protect themselves against crippling and expensive ransomware attacks as well as complying with new government regulations mandating all data be encrypted.”
He said the Emulex Secure HBA encrypts all data across all applications, unlike application-level encryption. The devices feature:
- Encryption algorithms support CNSA 2.0, DORA, and NIS2 mandates.
- Zero trust platform with Security Protocol and Data Model (SPDM), cryptographic authentication of endpoints, and silicon root-of-trust authentication.
- Compliance with the NIST 800-193 framework – secure boot, digitally signed drivers, T10-DIF, and more.
- Dedupe/compression storage services remain intact.
- Runs on existing Fibre Channel infrastructure.
- Cryptography offloaded to hardware, providing encryption with no performance impact.
- Simple session-based key management with on-demand key generation; transparent and compatible with existing operating systems, applications, and SAN management tools.
HBA manufacturers apart from Broadcom include ATTO, Cisco, and Marvell. Cisco supplies encrypting MDS 9000 series SAN switches, which apply the Fibre Channel Security Protocol (FC-SP) between switches, but not between the HBA and the switch.
FC-SP is not inherently resistant to quantum attacks.
Marvell QLogic 2780 series 32 Gbps HBAs feature StorCryption to encrypt data in flight between initiator and target endpoints across a Fibre Channel SAN. StorCryption complies with the FC-SP-2 standard, and these HBAs incorporate a hardware root of trust that prevents malicious firmware from hijacking the HBA.
Emulex 32G and 64G Secure HBAs are now available and shipping in 1, 2, and 4-port configurations.