This article can also be found in the Premium Editorial Download "Storage magazine: Storage products of the year 2003."
Download it now to read this article plus other related content.
The question is being asked for a couple of reasons. First, attaching storage to networks introduces security vulnerabilities that didn't exist in the DAS era. And companies are increasingly facing regulations requiring that they take extra steps to keep sensitive customer information private.
The risk associated with sending backup data over an unprotected IP network is obvious. But even an isolated SAN is vulnerable to attack. Many switches, host bus adapters (HBAs) and other fabric elements use management console interfaces that rely on out-of-band connections that are only minimally protected.
"The management interfaces are the first security vulnerability in a SAN fabric that people should look at," says Nancy Marrone-Hurley, a senior analyst with the Enterprise Storage Group (ESG) in Portland, OR. "But there are many other potential problems that most storage managers haven't even begun to think about."
These security concerns are leading a growing number of storage administrators to embrace an idea that not long ago would have qualified as a symptom of paranoid overkill: encrypting data not only as it traverses a storage network, but also as it sits on disk and tape arrays. No doubt the idea makes some sense. If you've encrypted all your critical data, hackers would be prevented from reading
|Bringing Encryption tools compared|
This was first published in January 2004