IBM has announced an exciting new version of its IBM Storage FlashSystem Software v8.7.2 (previously known as Spectrum Virtualize), packed with robust features and significant enhancements aimed at improving data management and security. One of the standout features in this release is Internal Key Management for encrypted data-at-rest, a significant leap in simplifying encryption management.
Encryption is a cornerstone of data security. IBM Storage FlashSystem uses cryptographic methods to ensure data remains confidential and inaccessible to unauthorized users.
Traditionally, IBM FlashSystem has supported encryption through:  
- USB flash drives
- External key servers, such as IBM Security Guardium Key Lifecycle Manager and several others
 
With the introduction of Spectrum Virtualize v8.7.2, users can now opt for another impressive alternative:
Internal Key Management
This innovative key management feature eliminates the need for external hardware or servers, using the internal boot drive to manage the system’s main encryption key. Here’s why this matters:  
Simplified Key Management - Internal Key Management offers a one-step interface to configure and manage encryption, reducing the complexity of external methods like USB drives or key servers.  
Automatic Key Rekeying - To comply with stringent security policies, the system automatically regenerates encryption keys every 24 hours without user intervention.  
Secure Key Storage and Distribution - The Trusted Platform Module (TPM) chip encrypts the main encryption key and securely stores it on the internal boot drive of each system node. This ensures secure key distribution across nodes during key enablement, rekeying, and recovery processes.  
Non-disruptive Seamless Migration - Users can switch from external encryption methods (USB or key servers) to Internal Key Management without affecting already-encrypted objects.  
Non-Disruptive Seamless Migration
Organizations already using external methods, such as USB drives or key servers, can switch to Internal Key Management without any disruptions to their encrypted objects or workflows. The migration is non-disruptive and does not compromise access to encrypted data. Your existing encrypted objects remain unaffected, ensuring continuity and eliminating downtime. Simple, well-guided steps ensure a smooth transition, making it easier for IT teams to adopt the new system.
This non-disruptive migration capability makes adopting Internal Key Management an attractive option for organizations looking to enhance their encryption processes without operational hurdles.
Best Practices
- Encryption Recovery Key Configuration: It’s strongly recommended to configure a recovery key alongside the internal key management system for additional resilience in disaster recovery scenarios.
- Avoid Dual Configuration: Configuring both internal and external encryption methods simultaneously is not advised, as it can lead to conflicts and complications.
The addition of Internal Key Management simplifies encryption for organizations, eliminating the overhead of maintaining external methods while adhering to strict security protocols. It also offers the highest degree of disaster resilience: the recovery key option provides a way to recover a key lost due to multiple domain failures or unforeseen faults. This is particularly beneficial for businesses striving to streamline operations and enhance the protection of sensitive data.
IBM Storage FlashSystem v8.7.2 underscores IBM’s commitment to advancing data security while ensuring ease of use.
For more information on switching to Internal Key Management, visit IBM Storage FlashSystem Internal Key Manager 
 