Disk encryption: not just for paranoids

This article can also be found in the Premium Editorial Download "Storage magazine: Storage products of the year 2003."

Application-centric tools
Whether to take a storage-centric approach to encryption or an application-centric approach is another decision security-conscious IT managers will have to make. While some appliances sit directly on the FC and encrypt data on a storage block-by-block basis, other encryption products work much more closely with the application.

Ingrian Networks' Network-Attached Encryption product includes an encryption appliance, but unlike the Decru and NeoScale products, it also works with what Ingrian calls a Secure Transaction Platform--software that sits in front of a Web or application server and monitors files and records passing between those servers and the database server. The Secure Transaction Platform allows IT managers to be more selective about what they're encrypting because it deals with data on a more granular level, as files or records rather than blocks.

Another product, Vormetric's CoreGuard, works in a similar way, with a software agent called Policy Enforcement Module plugging into the operating system's file system. CoreGuard also includes a policy engine, giving administrators the ability to grant or restrict end-user access on a file-by-file basis and to track who's accessed which files and when.

Such application-level encryption and authorization has its advantages. Even competitors admit that besides offering much more fine-grained encryption and access control, such systems also are able to encrypt and protect data from the moment applications generate it.

"If you're running one key application and that's where the bulk of your mission-critical data is, application-level encryption makes sense," says Scott Gordon, NeoScale's VP of marketing.

That's exactly the situation that last year convinced Van Nguyen, director of global IT security at an integrated circuit software design company, to deploy Vormetric's CoreGuard product to encrypt and control access to proprietary source code, the heart of the company's intellectual property. The integrated circuit software company created its own version control software that allows developers at 80 sites in 20 countries to collaborate by sharing files over an IP network. CoreGuard's encryption allows the company to ensure the privacy of the source code. And its access control features allow the company to keep track of who accesses a particular file.

"We looked at some of the storage encryption appliances, but they represented only half of a solution," says Nguyen. "With those, even after you've encrypted the data, there's a lot you can't control."

While application-centric encryption offers more control, there are drawbacks. Because products like Ingrian's rely on software agents, they tend to impact performance more than hardware-only encryption engines. And many application-centric products support only a limited range of environments. Vormetric, for example, only supports applications running on Sun's Solaris operating system. Officials say the company currently is working on a Linux implementation.

Moreover, relying on applications or application-specific tools for encryption can spawn complexity.

This was first published in January 2004
