Feature

Disk encryption: not just for paranoids

Ezine

This article can also be found in the Premium Editorial Download "Storage magazine: Storage products of the year 2003."

Download it now to read this article plus other related content.

As direct-attached storage (DAS) moves to storage area networks (SANs), a question asked more often of storage administrators these days is: "How safe is our data?"

The question is being asked for a couple of reasons. First, attaching storage to networks introduces security vulnerabilities that didn't exist in the DAS era. And companies are increasingly facing regulations requiring that they take extra steps to keep sensitive customer information private.

The risk associated with sending backup data over an unprotected IP network is obvious. But even an isolated SAN is vulnerable to attack. Many switches, host bus adapters (HBAs) and other fabric elements use management console interfaces that rely on out-of-band connections that are only minimally protected.

"The management interfaces are the first security vulnerability in a SAN fabric that people should look at," says Nancy Marrone-Hurley, a senior analyst with the Enterprise Storage Group (ESG) in Portland, OR. "But there are many other potential problems that most storage managers haven't even begun to think about."

These security concerns are leading a growing number of storage administrators to embrace an idea that not long ago would have qualified as a symptom of paranoid overkill: encrypting data not only as it traverses a storage network, but also as it sits on disk and tape arrays. No doubt the idea makes some sense. If you've encrypted all your critical data, hackers would be prevented from reading

    Requires Free Membership to View

it, even if they were able to worm their way into your storage network. But it's not quite as simple as all that--there are trade-offs.

Bringing Encryption tools compared

This was first published in January 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: