New security requirements are transforming SAN encryption

Quantum-resistant encryption explained

One of the main new regulatory requirements to counter the increased risks from AI-powered attacks is “quantum-resistant encryption” (also referred to as quantum-safe or quantum-proof), especially for banks and government agencies. 

Quantum computers are making traditional encryption methods obsolete. The massively increased computing power they offer could overpower weaker encryption methods quickly enough to make cyberattacks more effective. To be prepared for this future threat, to better counter the current more perilous threat environment and set a recognized and uniform encryption standard, regulators have defined quantum-resistant encryption. 

Quantum-resistant means that the encryption method used is strong enough to hold up against even a quantum computer-equipped attacker.  As an example of the regulatory requirements, the US government’s CNSA 2.0 suite mandates quantum-resistant cryptographic algorithms for everything delivered to US government agencies by 2030. The EU is expected to introduce similar requirements, and this will quickly become the global requirement and standard for encryption.

The safe and compliant way to secure SANs

To find the most secure solution for your mission-critical SAN, you need to be on top of some more key terms in addition to quantum-resistant encryption. 

Here’s a breakdown of what to look for to secure your SAN:

• AES-256 is the encryption algorithm that is the standard for quantum-resistant and is set out in the upcoming regulations 
• On-the-fly encryption protects data in transit both within and between data centers (including synchronous mirroring) 
• Session-based encryption is much more secure because new keys are used for each session, before anyone has time to crack the old keys 
• End-to-end encryption means complete and automated server-to-storage encryption

Top 3 changes with Broadcom end-to-end encryption 

In 2025, Broadcom is introducing new solutions for end-to-end encryption directly in their switches, which is based on session-based encryption. The strong quantum-resistant AES 256 algorithm is already implemented in Brocade solutions today and will continue to be the standard going forward. 

These security upgrades have some significant implications. Here are three key considerations for you to have in mind:

1. Encryption will be much easier to deploy in Brocade switches and directors with automation. Software from Brocade’s business unit Emulex will handle everything for you, checking if encryption is supported and automatically generating keys.
2. You will need newer generations of Brocade switches and directors to benefit from these significant security enhancements. Brocade Generation 5 support is set to end in 2025, and going for Brocade Gen 7 is the best way to ensure you’ll be secure and compliant.
3. Layer 1 transport encryption will be largely unnecessary as end-to-end encryption directly from server to storage already covers both medium and long distances. This means you won’t need to invest in transponders or muxponders for your synchronous mirroring only for the sake of encryption.  You can benefit from the cost efficiency and simplicity of pluggable optics with Brocade switches and directors.

The only certified embedded optics with Brocade Gen 7

Smartoptics is the only vendor whose complete end-to-end solutions are layer 1 tested by Brocade. Also, our 16G and 32G embedded transceivers are the only certified optics for Brocade Gen 7. This way, you can be sure that your optics will work with Brocade Gen 7 so you can get the most out of the latest security features.  

By using Smartoptics with Brocade, you can enjoy the benefits of embedded networking, plugging transceivers directly into Brocade switches and directors. For security, you can rely on Broadcom for in-transit data protection. This keeps your network footprint and costs lower when you don’t need a transponder or muxponder for some other reason besides layer 1 encryption.

Learn more about the Smartoptics Brocade Collection