Encryption catching on with security-conscious firms

Storage Networking World - Data security is a must for Transend Business Services, a provider of Web-based managed business transaction services located in Chicago and Ottawa.
As part of its services, the company stores and archives massive amounts of sensitive data regarding its clients' customer transactions. The company defends itself with multiple layers of firewall security, as well as VPN tunneling for data replicated between the company's data centers.
Recently, however, Transend and its customers have grown increasingly concerned about the potential for security breaches on the data storage side, especially after several well-publicized cases in Canada where companies lost control of sensitive data when employees walked out with disk drives.
Transend is not alone in this concern. In a survey published last July, Enterprise Strategy Group (ESG) in Milford, Mass., asked 388 storage professionals where they thought their company was most vulnerable to a storage security breach. Forty-two percent cited a deliberate attack by an IT employee, 33% mentioned human error, 11% said technology flaws, and only 4% said an attack from the outside.

One answer: Encryption
Transend has responded in the same way as an increasing number of companies: by deploying encryption technology for data that is housed on its SANs. Having spent a huge amount of time and money shoring up their outer defenses, many enterprises are beginning to guard their stored data against insider attacks, disgruntled employees, unprincipled contractors and visiting clients.
Another reason for the heightened interest in encryption is the advent of government regulations like HIPAA, Sarbanes-Oxley and PHIPA in Canada.
"Transend customers who are liable for the security of their own customers' information pass that liability onto us," says Brent Luckman, CEO at Transend. To avoid potentially crippling litigation, and to protect its clients' information, Transend needed a way to secure not just data traveling between storage devices but also data at rest.
To do so, Transend chose NeoScale's Cryptostor FC, a network appliance that sits on the SAN, intercepting data between attached hosts and storage resources, and applying AES256 block-level data encryption. This assures customers that their sensitive data will not be shared with another company, Luckman says.
"By implementing the Cryptostor Solution, Transend cut its product and services liability with one of the major Canadian banks from $1 million down to $100,000," Luckman notes.

Mounting costs
According to Gartner research director Rich Mogul, companies that don't encrypt stored sensitive data will spend 50% more than enterprises that do, because they will fail to comply with regulatory or contractual data protection requirements. By year-end 2007, he

Reprinted with permission from

This article is reprinted by permission from SNW Online.
Story copyright 2006 SNW Online, all rights reserved.