DataSecure / EdgeSecure / KeySecure

The Ingrian product line is focused on the encryption of data, and the management of the encryption keys used to encrypt data. The various hardware appliances offer a centrally managed means to implement encryption policies at the field, column, or file level using AES, 3DES, RSA, and other algorithms. Data is encrypted both at rest on the host server as well as when it is saved to storage systems; with all encryption processing occuring in the Ingrian hardware itself, offloading the encryption processing from the host server. The Ingrian appliances provide features for the encryption itself, as well as key management, logging, auditing, and policy definition; with encryption keys never actually leaving the Ingrian appliance.

Integration capabilities of the platform include APIs that facilitate the deployment and use with Web servers, application servers, databases, z/OS mainframes, and application environments (via an XML, JCE, MSCAPI, ICAPI, .Net, or PKCS#11 interface). Specific database integration capabilities include support for database schema changes, migration of selected fields from clear text to ciphertext, installation of triggers and views for application transparency, and support for key rotation.

HA options of the appliances include support for redundant, load balanced appliance deployments as well as optional redundant components within the appliances including fans, power supplies, processors.

Ingrian's product platform currently includes four primary components:

- DataSecure: The primary hardware appliance in the product family facilitating all of the features described above and offered in 3 flavors depending on processing needs: The i116, supporting 11,000 encryptions per second; the i416, supporting over 50,000 encryptions per second; and the i426, supporting over 100,000 encryptions per second.

- EdgeSecure: An enforcement/interaction point for remote deployments. The EdgeSecure combines with a central DataSecure (at the corporate location), from which the EdgeSecure receives all of its management policies, logging, reporting, software upgrades, etc.

- KeySecure: A key management only appliance designed to be integrated with existing encryption platforms and providing for them a centralized and dedicated key management point.

- Software connectors: Software that is deployed to the managed Web/file/database etc. servers themselves and provides the interface to the Ingrian appliances. Connectors feature embedded load balancing, health checking, and connection pooling functions for clustered Ingrian deployments. A Connector is required to be deployed to each server managed by the DataSecure / EdgeSecure / KeySecure product. Connectors are currently available for multiple operating systems (Windows Server, Linux, AIX, Solaris, HP-UX, z/OS, OS/400) and databases (Oracle 8i/9i/10g, SQL Server, DB2, Teradata); as well as for Web and application servers (see vendor for current specifications). New to the Connectors is support for Oracle 11g, which is due to be available by the end of 2007.

Both the DataSecure and KeySecure appliances are FIPS 140-2 Level 2 and Common Criteria EAL2 validated.

The Ingrian product line is available now. DataSecure pricing starts at $15,000 (for the i116), a price that does not include the Connector software (which is priced separately).

Visit the vendor's Web site for further information.