New security requirements are transforming SAN encryption
The emergence of AI has lowered the threshold for cybercriminals to successfully attack critical infrastructure. To address this increased threat environment, new regulatory frameworks such as the Cyber Resilience Act (CRA), NIS2, and CNSA 2.0 are driving stricter security requirements for industries with mission-critical workloads. This makes it no longer a box to check or nice-to-have but essential for industries such as banking, retail and government to ensure compliance with end-to-end encryption. We studied Broadcom’s latest security practices and upcoming new features to help you ensure compliance with the new regulations when using Brocade products, especially with DCI.

Quantum-resistant encryption explained
One of the main new regulatory requirements to counter the increased risks from AI-powered attacks is “quantum-resistant encryption” (also referred to as quantum-safe or quantum-proof), especially for banks and government agencies.
Quantum computers are making traditional encryption methods obsolete. The massively increased computing power they offer could overpower weaker encryption methods quickly enough to make cyberattacks more effective. To be prepared for this future threat, to better counter the current more perilous threat environment and set a recognized and uniform encryption standard, regulators have defined quantum-resistant encryption.
Quantum-resistant means that the encryption method used is strong enough to hold up against even a quantum computer-equipped attacker. As an example of the regulatory requirements, the US government’s CNSA 2.0 suite mandates quantum-resistant cryptographic algorithms for everything delivered to US government agencies by 2030. The EU is expected to introduce similar requirements, and this will quickly become the global requirement and standard for encryption.
The safe and compliant way to secure SANs
To find the most secure solution for your mission-critical SAN, you need to be on top of some more key terms in addition to quantum-resistant encryption.
Here’s a breakdown of what to look for to secure your SAN:
- AES-256 is the encryption algorithm that is the standard for quantum-resistant and is set out in the upcoming regulations
- On-the-fly encryption protects data in transit both within and between data centers (including synchronous mirroring)
- Session-based encryption is much more secure because new keys are used for each session, before anyone has time to crack the old keys
- End-to-end encryption means complete and automated server-to-storage encryption
Top 3 changes with Broadcom end-to-end encryption
In 2025, Broadcom is introducing new solutions for end-to-end encryption directly in their switches, which is based on session-based encryption. The strong quantum-resistant AES 256 algorithm is already implemented in Brocade solutions today and will continue to be the standard going forward.
These security upgrades have some significant implications. Here are three key considerations for you to have in mind:
- Encryption will be much easier to deploy in Brocade switches and directors with automation. Software from Brocade’s business unit Emulex will handle everything for you, checking if encryption is supported and automatically generating keys.
- You will need newer generations of Brocade switches and directors to benefit from these significant security enhancements. Brocade Generation 5 support is set to end in 2025, and going for Brocade Gen 7 is the best way to ensure you’ll be secure and compliant.
- Layer 1 transport encryption will be largely unnecessary as end-to-end encryption directly from server to storage already covers both medium and long distances. This means you won’t need to invest in transponders or muxponders for your synchronous mirroring only for the sake of encryption. You can benefit from the cost efficiency and simplicity of pluggable optics with Brocade switches and directors.
The only certified embedded optics with Brocade Gen 7
Smartoptics is the only vendor whose complete end-to-end solutions are layer 1 tested by Brocade. Also, our 16G and 32G embedded transceivers are the only certified optics for Brocade Gen 7. This way, you can be sure that your optics will work with Brocade Gen 7 so you can get the most out of the latest security features.
By using Smartoptics with Brocade, you can enjoy the benefits of embedded networking, plugging transceivers directly into Brocade switches and directors. For security, you can rely on Broadcom for in-transit data protection. This keeps your network footprint and costs lower when you don’t need a transponder or muxponder for some other reason besides layer 1 encryption.
Learn more about the Smartoptics Brocade Collection

Get the Brocade Gen 7 guide
Download the guide to get everything you need to know to upgrade and set up your DCI for optimum performance with Gen 7

Get the Brocade Gen 7 guide
Download the guide to get everything you need to know to upgrade and set up your DCI for optimum performance with Gen 7
Related articles

Why 100G coherent transceivers are the talk of the town and how they compare to PAM4

Unlocking the Power of Open Optical Network Planning with GNPy and SoSmart Planner
