Storage in general:
The storage industry will need to deliver cost-cutting solutions more so than new functionality. With the CIOs facing budget cuts across the board, the focus will turn to bottom line vs. new features or enhancements.
Cyber attacks will continue to be the major headache for CIOs. The trend will continue towards attacks that are more complex and sophisticated to launch, such as those requiring multiple computers. At the same time, its impact on the industry is going to be worse than before. The last two major cyber attacks were Code Red (2001) and Nimda (2001).
There has not and will not be a magic bullet to provide security. It is an evolving combination of processes and technologies that must continue to adapt to ever changing threat environments.
Stand-alone appliances will continue to grow and fill the gaps for businesses to have a complete and consistent level of enterprise-wide security. At the same time, some of the security functionality will continue to be submerged inside the products.
Enterprises will continue to enhance security, entertaining new approaches such as layered security (more than just firewalls or DMZs) while optimizing existing security tools such as firewalls and VPNs.
Legislation may emerge requiring product and service vendors to establish and guarantee service level agreements to their customers.
Storage security will need to define its role in the context of enterprise security and the corporate security policy. A broader outlook focusing on enterprise-level security issues such as compatibility and integration will be the need of the year.
Security will slowly become a prerequisite for storage products as new implementations emerge from recently approved storage security standards by IETF and ANSI. The drivers will include growing cyber threats coupled with outgrowth of storage networks from single data centers into distant SANs.
Competition will be the game for stand-alone storage security appliances and third-party storage security servers. The winning criteria will include a simple value-prop that addresses critical security needs or addresses federal regulations, freedom from vulnerabilities, compatibility to existing security environment, ease of implementation -- and of course strong security.
Editor's note: Do you agree with this expert's response? If you have more to share, post it in one of our .bphAaR2qhqA^0@/searchstorage>discussion forums.
This was first published in December 2002