Encryption
Encryption plays a role in securing stored data, but it's not necessarily a storage decision. "Encryption really is a function of the content--there are internal and external factors to consider, compliance issues [and] questions about where to do encryption," says Budnik. "It's really a corporate decision." He suggests some alternatives to storage encryption: "Is it possible to insist that the application vendor encrypt the proper fields? Maybe the database vendor or the enterprise resource planning vendor should provide utilities to encrypt certain fields and columns."

Encryption is good only if you have good authentication to begin with, adds GlassHouse's Preston. "The core security problem with SANs is not encryption, but the lack of proper authentication," he says.

"We aren't advising customers to encrypt their data generally," says Datalink's Robinson. "They should encrypt selected data going offsite and, over the next 12 to 18 months, the...

VeriCenter does a limited amount of encryption when customers insist. "Encryption slows down backup and key management is difficult," says the firm's Granger "Still, a few customers encrypt at the database level."

Industry analysts and consultants see three major obstacles to widespread storage encryption at this point: cost, latency and key management. As for cost, encryption is expensive. "I have seen enterprises that spent $1 million on storage encryption appliances," says Preston.

In terms of latency, encryption is CPU-intensive. Even with fast, dedicated processors offloading the task, it entails another step when storing and retrieving the data.

Key management is both risky and costly. The risk lies in the potential to lose keys, which will render the encrypted data useless. "Key management also increases costs because it requires more administration," says consultant Gill.

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   NEXT PAGE  >

<< PREVIOUS | NEXT >>: Security for your security appliances

VIEW ALL IN THIS CATEGORY