Few vendors have tackled the issue of data encryption on IP storage systems
As deployment of IP storage networks grows, so do the risks. Unlike Fibre Channel-based storage systems, IP storage area networks--and the data stored on them--are vulnerable to the same threats as any other IP device, from hack attacks to worms. But few customers are thinking about this problem, and only a few vendors have begun to address it.
Decru Inc. is one of them. The company next quarter will unveil an encryption appliance for the iSCSI protocol for IP networks. ISCSI converts blocks of data into standard file formats on IP networks, increasing its vulnerability. Priced around $40,000, the system helps reduce vulnerabilities using 256-bit key encryption.
Col. Robert Baker at the U.S. Marine Corps Network Operations and Security Command is an early customer using Decru's IP appliance. "We get encrypted data that's virtually untouchable," he says. "It would take a lot of supercomputers to break the code." Baker hopes some day to deploy the Decru iSCSI appliance out in the field during military operations.
Some of the biggest brands in the storage business have yet to tackle data encryption on their IP storage systems, though IBM says it's adding encryption to its DS6000 in the first quarter. Leading storage vendor EMC Corp. says it has plans early next year to build additional security measures into its content-addressable Centera system that runs on the IP network, including encryption and data compression, as well as indexing, which helps find encrypted and compressed data. EMC envisions the system serving as the basis of an Intel-based encrypted storage network grid. The system already secures information via computer-generated software key codes; without knowing the code, an individual can't gain access to data.
The digital-fingerprint feature was a selling point for Paul Vdovets, director of infrastructure at Adirondack Electronic Markets, an options exchange market-maker, who oversees 8 terabytes of information that's load-balanced between two Centera nodes, backed up by a cluster of hard disks. "The data isn't readily accessible, and intruders wouldn't be able to corrupt it or get access to it," Vdovets says.
One risk is that gateways between IP and Fibre Channel storage networks open up data residing on Fibre Channel SANs to security vulnerabilities, says Eric Hibbard, senior director of data networking at Hitachi Data Systems.
Stephanie Balaouras, an analyst at IT market research firm the Yankee Group, disputes that assessment, saying such intrusions would be blocked at the storage network switch. But she does worry that someone could corrupt data if he or she were able to directly access a switch. "The storage industry hasn't done much to prevent an attack from one person," she says.
Meanwhile, the industry also is contending with multiple security standards from groups such as the Storage Networking Industry Association, the T11 committee, and the Institute of Electrical and Electronics Engineers, and with how those standards would be integrated, Hibbard says.
Rob Enderle, analyst and founder at IT market research firm the Enderle Group, believes it's ultimately up to the customers to take a more proactive approach to securing their storage systems. "Products are deployed in a knee-jerk way," he says, "and customers aren't stepping up and coming up with a measured approach."