Hardware & Infrastructure
04:55 PM
Connect Directly

Secure Storage Must Be A Higher Priority

Few vendors have tackled the issue of data encryption on IP storage systems

As deployment of IP storage networks grows, so do the risks. Unlike Fibre Channel-based storage systems, IP storage area networks--and the data stored on them--are vulnerable to the same threats as any other IP device, from hack attacks to worms. But few customers are thinking about this problem, and only a few vendors have begun to address it.

Decru Inc. is one of them. The company next quarter will unveil an encryption appliance for the iSCSI protocol for IP networks. ISCSI converts blocks of data into standard file formats on IP networks, increasing its vulnerability. Priced around $40,000, the system helps reduce vulnerabilities using 256-bit key encryption.

Col. Robert Baker at the U.S. Marine Corps Network Operations and Security Command is an early customer using Decru's IP appliance. "We get encrypted data that's virtually untouchable," he says. "It would take a lot of supercomputers to break the code." Baker hopes some day to deploy the Decru iSCSI appliance out in the field during military operations.

Some of the biggest brands in the storage business have yet to tackle data encryption on their IP storage systems, though IBM says it's adding encryption to its DS6000 in the first quarter. Leading storage vendor EMC Corp. says it has plans early next year to build additional security measures into its content-addressable Centera system that runs on the IP network, including encryption and data compression, as well as indexing, which helps find encrypted and compressed data. EMC envisions the system serving as the basis of an Intel-based encrypted storage network grid. The system already secures information via computer-generated software key codes; without knowing the code, an individual can't gain access to data.

The digital-fingerprint feature was a selling point for Paul Vdovets, director of infrastructure at Adirondack Electronic Markets, an options exchange market-maker, who oversees 8 terabytes of information that's load-balanced between two Centera nodes, backed up by a cluster of hard disks. "The data isn't readily accessible, and intruders wouldn't be able to corrupt it or get access to it," Vdovets says.

Storage Growth, bar chartOne risk is that gateways between IP and Fibre Channel storage networks open up data residing on Fibre Channel SANs to security vulnerabilities, says Eric Hibbard, senior director of data networking at Hitachi Data Systems.

Stephanie Balaouras, an analyst at IT market research firm the Yankee Group, disputes that assessment, saying such intrusions would be blocked at the storage network switch. But she does worry that someone could corrupt data if he or she were able to directly access a switch. "The storage industry hasn't done much to prevent an attack from one person," she says.

Meanwhile, the industry also is contending with the issue of multiple security standards from groups such as the Storage Networking Industry Association, the T11 committee, and the Institute of Electrical and Electronics Engineers, and how they would integrate them, Hibbard says.

Rob Enderle, analyst and founder at IT market research firm the Enderle Group, believes it's ultimately up to the customers to take a more proactive approach to securing their storage systems. "Products are deployed in a knee-jerk way," he says, "and customers aren't stepping up and coming up with a measured approach."

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.