The question is being asked for a couple of reasons. First, attaching storage to networks introduces security vulnerabilities that didn't exist in the DAS era. And companies are increasingly facing regulations requiring that they take extra steps to keep sensitive customer information private.
The risk associated with sending backup data over an unprotected IP network is obvious. But even an isolated SAN is vulnerable to attack. Many switches, host bus adapters (HBAs) and other fabric elements use management console interfaces that rely on out-of-band connections that are only minimally protected.
"The management interfaces are the first security vulnerability in a SAN fabric that people should look at," says Nancy Marrone-Hurley, a senior analyst with the Enterprise Storage Group (ESG) in Portland, OR. "But there are many other potential problems that most storage managers haven't even begun to think about."
These security concerns are leading a growing number of storage administrators to embrace an idea that not long ago would have qualified as a symptom of paranoid overkill: encrypting data not only as it traverses a storage network, but also as it sits on disk and tape arrays. No doubt the idea makes some sense. If you've encrypted all your critical data, hackers would be prevented from reading
Requires Free Membership to View
When you register for SearchStorage.com, you’ll also receive targeted emails from my team of award-winning editorial writers. Our goal is to keep you informed on the hottest topics, the latest news and the biggest challenges you face as a storage professional today.
Rich Castagna, Editorial Director
it, even if they were able to worm their way into your storage network. But it's not quite as simple as all that--there are trade-offs.
| Bringing Encryption tools compared |
This was first published in January 2004