With IP SANs, and provided there will be IPSec support on iSCSI/TOE chips, will this be enough to provide end-to-end security protection? Also, do customers want their data stored in encrypted form or is this not an issue?
First, there is no such thing ironclad security. The approach for iSCSI security with IPSec (transport or tunnel mode) provides good security. You mentioned end-end security but there are other aspects of security. For end-to-end security, you need to worry about security from the iSCSI end points to IPSec end points and from the host to the iSCSI, etc.
For securing stored data there is no simple answer -- some customers do and some don't and, there are some legislative requirements also.
These are complex questions with no simple answers. The attackers look for the weakest link. The CIOs would like to ensure that it could enforce its security policy across all networks, including storage networks.
Editor's note: Do you agree with this expert's response? If you have more to share, post it in one of our .bphAaR2qhqA^0@/searchstorage>discussion forums.
This was first published in January 2003