This article can also be found in the Premium Editorial Download "Storage magazine: Boosting data storage array performance."
Download it now to read this article plus other related content.
- ENCRYPTION BECOMES UBIQUITOUS. Last year was a harbinger of things to come on the encryption front. Early in 2005, storage encryption was synonymous with appliance vendors like Decru, Kasten Chase and NeoScale Systems; but by December, encryption technology was introduced throughout the storage infrastructure. Nexsan Technologies added encryption to its storage systems. Maxxan supplemented its intelligent storage switches by adding encryption capabilities at the port level. Atempo bolstered its backup software with information lifecycle managementcentric encryption capabilities. And some leading tape drive providers such as IBM, Quantum and Spectra Logic articulated roadmaps that contained encryption and other security enhancements.
Storage encryption momentum will pick up more speed and gain greater focus in 2006 as technologies from host bus adapters, switches and storage systems add cryptographic capabilities. To further muddy the waters, encryption will move to the mainstream in file systems and databases. Every IT manager will have to decide where and how often they should scramble the bits.
All of this encryption commotion means two things: Storage managers must curb their enthusiasm and work with their peers in security to determine the best way to protect confidential data, and omnipresent encryption will make key management the next "killer app" in security.
- STORAGE SECURITY SERVICES WILL TAKE OFF. ESG's storage security research in 2004 revealed that only 37% of organizations had conducted a security audit on their storage infrastructure. It's likely that some of the remaining 63% have followed suit and performed audits since then, but ESG believes that the vast majority of organizations have yet to carry out this type of risk analysis. Why? Storage folks simply don't have the right skill sets and because security knowledge remains foreign, many storage professionals have no idea where to look for help.
To date, several companies, such as Computer Associates, GlassHouse Technologies and Kasten Chase, have taken advantage of user demand and the gaps in storage security skills by offering assessment services. Look for the storage security services pool to get a tad more crowded in 2006. Some of the big players like EMC, Hewlett-Packard, Hitachi Data Systems, IBM and StorageTek/Sun are already experimenting with storage security services in limited markets. We can anticipate new service announcements all year long. Consulting shops such as Accenture, Capgemini and Ernst & Young will also address storage security under bigger umbrellas like risk management or compliance. Sensing high demand, regional momand-pop storage VARS will develop security practices, and don't be surprised if security services leaders like Symantec and Unisys also get into the game.
Storage professionals should ensure that their service providers have the skills and staff to thoroughly assess every storage process and technology to uncover the entire gamut of threats and vulnerabilities. Smart storage managers will include the chief information security officer (CISO) in this exercise. These security honchos should be able to help you assess security skills while making the storage security audit a part of their overall enterprise security picture.
- STORAGE SECURITY WILL BE INTEGRATED INTO THE EXISTING INFRASTRUCTURE. When storage software vendors first offered asynchronous mirroring over IP, it was a chance for storage and networking professionals to find ways for their technology piece parts to talk. After some initial hiccups, the storage team grew comfortable with a potpourri of networking concepts like Gigabit Ethernet switches, wavelength-division multiplexing and WAN services.
Storage security will lead to another cross-functional IT experience. More enterprise-class storage technologies will offer security features like role-based access control and logging. To get the most out of these enhancements, security officers will demand that these features be integrated with existing authentication, authorization and auditing (AAA) technologies such as Active Directory, RADIUS and identity management software, as well as log-file aggregators. The integration frenzy will also be driven by the introduction of storage products that adhere to the InterNational Committee for Information Technology Standards (INCITS) T11 committee's Fibre Channel-Security Protocols (FC-SP) storage security standards due out in early 2006.
To avoid any surprises, storage managers should plan for this integration as part of their storage security implementation. Yes, this will add time and money to each project, but it will also deliver faster ROI and better security.
This was first published in January 2006