Edge sites require leaner infrastructure than traditional datacenters, making physical attack the most likely security threat that an edge site will face. Therefore, a critical aspect of security for edge sites is encryption. Unfortunately, a fundamental part of encryption is key management, something that can be almost impossible to implement over lots of edge and branch sites.
The most effective edge sites can also be the most vulnerable. Small and remote sites that enable hyperconverged infrastructure across two nodes benefit from a range of datacenter-class technologies that are not available to sites that rely on a physical SAN. These include centralized management, and lightweight high availability, but these sites are also likely to rely on active-active mirroring to provide that high availability, meaning all of your data can be stolen by taking a single x86 server.
However, the threat of physical attack shouldn’t dissuade edge sites from benefiting from hyperconverged infrastructure. There are multiple ways in which edge sites can protect themselves – to varying extent – including self-encrypting drives and encryption software. Although, both of these solutions come with their own issues and complexities.
StorMagic makes the complex simple. The data encryption feature within our software-defined virtual SAN product, SvSAN, provides FIPS 140-2 compliant encryption, in order to secure edge sites without the complexity or premium costs associated with other solutions. The encryption keys can then be handled by StorMagic SvKMS encryption key management.
The beauty of protecting your edge sites with encryption and integrated key management is that it does not interfere with the management of your sites. You can still run thousands of branch sites from one centralized location, as you would with any HCI deployment, and the only difference is that you don’t need to worry about your data being compromised if one of your nodes is stolen.
Peace of mind, simplified.