Pure Storage FlashArray
From the Pure Storage documentation: Pure Storage, with a continuous emphasis on simplicity, has implemented rigorous security measures, including AES-256-bit encryption, data erasure, rapid data locking technologies, key management, and a robust encrypt/decrypt process. These features meet or exceed internationally recognized security standards such as FIPS 140-2, NIAP/ Common Criteria, and PCI-DSS. Coupled with comprehensive organizational security measures, FlashArray can help customers meet security requirements and data compliance regulations around the world – including the recently updated GDPR. We have achieved this without compromising product serviceability, performance, or our industry-leading data reduction capabilities.
The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. This facilitates data encryption by simplifying encryption key management. You can create keys on a server and then retrieve them, possibly wrapped by other keys. KMIP supports both symmetric and asymmetric keys, including the ability to sign certificates. KMIP also enables clients to ask a server to encrypt or decrypt data, without needing direct access to the key.
Pure Storage's Rapid Data Locking (RDL) feature enables a FlashArray device to create a secondary user-controllable key on a KMIP server, such as the , by using the KMIP protocol. You can use the key you create on the subsequently to unlock the array's flash modules. This makes it possible to quickly and completely lock down an array simply by revoking the remote key and powering off the FlashArray.