Secure Storage Must Be A Higher Priority - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Hardware & Infrastructure
04:55 PM

Secure Storage Must Be A Higher Priority

Few vendors have tackled the issue of data encryption on IP storage systems

As deployment of IP storage networks grows, so do the risks. Unlike Fibre Channel-based storage systems, IP storage area networks--and the data stored on them--are vulnerable to the same threats as any other IP device, from hack attacks to worms. But few customers are thinking about this problem, and only a few vendors have begun to address it.

Decru Inc. is one of them. The company next quarter will unveil an encryption appliance for the iSCSI protocol for IP networks. ISCSI converts blocks of data into standard file formats on IP networks, increasing its vulnerability. Priced around $40,000, the system helps reduce vulnerabilities using 256-bit key encryption.

Col. Robert Baker at the U.S. Marine Corps Network Operations and Security Command is an early customer using Decru's IP appliance. "We get encrypted data that's virtually untouchable," he says. "It would take a lot of supercomputers to break the code." Baker hopes some day to deploy the Decru iSCSI appliance out in the field during military operations.

Some of the biggest brands in the storage business have yet to tackle data encryption on their IP storage systems, though IBM says it's adding encryption to its DS6000 in the first quarter. Leading storage vendor EMC Corp. says it has plans early next year to build additional security measures into its content-addressable Centera system that runs on the IP network, including encryption and data compression, as well as indexing, which helps find encrypted and compressed data. EMC envisions the system serving as the basis of an Intel-based encrypted storage network grid. The system already secures information via computer-generated software key codes; without knowing the code, an individual can't gain access to data.

The digital-fingerprint feature was a selling point for Paul Vdovets, director of infrastructure at Adirondack Electronic Markets, an options exchange market-maker, who oversees 8 terabytes of information that's load-balanced between two Centera nodes, backed up by a cluster of hard disks. "The data isn't readily accessible, and intruders wouldn't be able to corrupt it or get access to it," Vdovets says.

Storage Growth, bar chartOne risk is that gateways between IP and Fibre Channel storage networks open up data residing on Fibre Channel SANs to security vulnerabilities, says Eric Hibbard, senior director of data networking at Hitachi Data Systems.

Stephanie Balaouras, an analyst at IT market research firm the Yankee Group, disputes that assessment, saying such intrusions would be blocked at the storage network switch. But she does worry that someone could corrupt data if he or she were able to directly access a switch. "The storage industry hasn't done much to prevent an attack from one person," she says.

Meanwhile, the industry also is contending with the issue of multiple security standards from groups such as the Storage Networking Industry Association, the T11 committee, and the Institute of Electrical and Electronics Engineers, and how they would integrate them, Hibbard says.

Rob Enderle, analyst and founder at IT market research firm the Enderle Group, believes it's ultimately up to the customers to take a more proactive approach to securing their storage systems. "Products are deployed in a knee-jerk way," he says, "and customers aren't stepping up and coming up with a measured approach."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll