Data encryption promises SAN security

Storage Networking World - This past November, federal investigators cracked the largest identity theft ring yet, a scheme that stole credit histories of 30,000 people from the computer systems of credit agencies, resulting in losses conservatively valued at $2.7 million dating back to 2000. The rip-off was perpetrated by IT insiders allegedly using their skills and systems access to download credit reports.
The bust leads to questions about networked storage. After all, this data wasn't just parked out on the Internet waiting to be plucked; it was stored in the supposedly secure databases of commercial credit reporting companies.
Therein lies the problem. Any system can be compromised, especially one targeted by skilled insiders. But if the data is stored in an encrypted format instead of sitting openly on the disk drive, it will remain private and unusable, regardless of security breaches.
Young companies such as Vormetric, Decru, Neoscale, Ingrian Networks, Kasten Chase, Onaro and more hope a rush to networked storage — primarily NAS and SANs — will drive demand for their storage security products. They may very well be right: In five years, International Data Corp. (IDC) in Framingham, Mass., expects 80% of enterprise storage to be networked, a dramatic shift from the 20% of storage networked today. When that happens, a huge amount of valuable but unencrypted corporate data will be at risk.

Forcing a new mindset
To date, enterprise storage managers haven't worried much about the security of the data stored on their disk arrays. Often the storage resides within the glass house with its limited, highly controlled access. Even if it is distributed, it is tucked behind the server to which it is attached. An attacker would have to break through the security of dozens, maybe hundreds of different servers to get at the stored data.
With networked storage, however, all the stored data is accessible via the network. An attacker need only compromise one attached host to gain a clear shot at all the data sitting wide open on the various storage devices. Security techniques such as LUN masking and zoning can limit the damage an intruder could cause, but in the process, they also limit the flexibility of the networked storage.
"Once you say network, you increase the possibility that someone can get to the data," notes Richard Villars, vice president of storage systems at IDC. "The appropriate response is increased security. Just as security is a major part of networking and software, it will become an important part of storage."
Although the industry likes to talk about