Secure Storage Must Be A Higher Priority - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Hardware & Infrastructure
04:55 PM

Secure Storage Must Be A Higher Priority

Few vendors have tackled the issue of data encryption on IP storage systems

As deployment of IP storage networks grows, so do the risks. Unlike Fibre Channel-based storage systems, IP storage area networks--and the data stored on them--are vulnerable to the same threats as any other IP device, from hack attacks to worms. But few customers are thinking about this problem, and only a few vendors have begun to address it.

Decru Inc. is one of them. The company next quarter will unveil an encryption appliance for the iSCSI protocol for IP networks. ISCSI converts blocks of data into standard file formats on IP networks, increasing its vulnerability. Priced around $40,000, the system helps reduce vulnerabilities using 256-bit key encryption.

Col. Robert Baker at the U.S. Marine Corps Network Operations and Security Command is an early customer using Decru's IP appliance. "We get encrypted data that's virtually untouchable," he says. "It would take a lot of supercomputers to break the code." Baker hopes some day to deploy the Decru iSCSI appliance out in the field during military operations.

Some of the biggest brands in the storage business have yet to tackle data encryption on their IP storage systems, though IBM says it's adding encryption to its DS6000 in the first quarter. Leading storage vendor EMC Corp. says it has plans early next year to build additional security measures into its content-addressable Centera system that runs on the IP network, including encryption and data compression, as well as indexing, which helps find encrypted and compressed data. EMC envisions the system serving as the basis of an Intel-based encrypted storage network grid. The system already secures information via computer-generated software key codes; without knowing the code, an individual can't gain access to data.

The digital-fingerprint feature was a selling point for Paul Vdovets, director of infrastructure at Adirondack Electronic Markets, an options exchange market-maker, who oversees 8 terabytes of information that's load-balanced between two Centera nodes, backed up by a cluster of hard disks. "The data isn't readily accessible, and intruders wouldn't be able to corrupt it or get access to it," Vdovets says.

Storage Growth, bar chartOne risk is that gateways between IP and Fibre Channel storage networks open up data residing on Fibre Channel SANs to security vulnerabilities, says Eric Hibbard, senior director of data networking at Hitachi Data Systems.

Stephanie Balaouras, an analyst at IT market research firm the Yankee Group, disputes that assessment, saying such intrusions would be blocked at the storage network switch. But she does worry that someone could corrupt data if he or she were able to directly access a switch. "The storage industry hasn't done much to prevent an attack from one person," she says.

Meanwhile, the industry also is contending with the issue of multiple security standards from groups such as the Storage Networking Industry Association, the T11 committee, and the Institute of Electrical and Electronics Engineers, and how they would integrate them, Hibbard says.

Rob Enderle, analyst and founder at IT market research firm the Enderle Group, believes it's ultimately up to the customers to take a more proactive approach to securing their storage systems. "Products are deployed in a knee-jerk way," he says, "and customers aren't stepping up and coming up with a measured approach."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Preparing for the Upcoming Quantum Computing Revolution
John Edwards, Technology Journalist & Author,  6/3/2021
How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll