Following a rash of high-profile data security breaches, companies are demanding that implementing security be...
made more simple, which is driving the vendor community to start bundling security with storage.
The first of the new data security bundles comes from Network Appliance Inc. (NetApp) and Decru Inc. and is called CardVault. It bundles NetApp storage systems with Decru DataFort storage security appliances.
CardVault is aimed specifically at credit card companies and credit card processing agencies that have been scrambling to meet new security requirements imposed on the industry by its own major players, namely MasterCard International Inc. and Visa International Service Association.
The system can be used in NAS, SAN and IP SAN configurations. It attaches Decru's DataFort module to any of NetApp's storage filers. DataFort encrypts the data and can create "cryptainers" -- compartmentalized sets of secure data with different authorized users on the same storage device.
According to Jon Oltsik, senior analyst at the Enterprise Strategy Group, "you have storage and security standards, and you tend to look at those through different lenses because your storage and security people are separate, and buy from different vendors. I think [CardVault] is a good move on streamlining the purchasing process and offering a best-of-breed solution under the same name."
While the NetApp/Decru offering is meant to be used by the credit card industry, Kevin Brown, vice president of marketing at Decru said it may be the beginning of a market-wide sea change in approaches to data security.
"This is well optimized for the credit card industry, but it could be used to protect almost any kind of data. It is just bits. We can protect any type of bits you like," Brown said.
Disuk: "Encryption for the masses"
The second combined security/storage product is called SafeTape, launched by Disuk Ltd. this week. The product combines Disuk's Paranoia2 encryption appliance with a backup tape reader/writer.
Like Paranoia2, SafeTape connects to the host system, encrypts data then writes the data to tape. The difference is that SafeTape bundles the actual tape drive with the Paranoia2 system..
And like the NetApp/Decru product, SafeTape targets a specific sector of the market, in this case small to midrange businesses without the means to encrypt backup tapes using technology meant for large, rich companies.
SafeTape is also offered in a number of formats, according to Disuk's U.S. sales representative Brian Bailey -- as a rack-mount or desktop enclosure with a number of user-interface options and models for AIT-4, LTO-2, LTO-3, SDLT320 and SDLT600 tape systems.
According to Rob Gretton, co-founder of Disuk, "All the security appliances that were available were very high end and have a very significant price tag. We see SafeTape as encryption for the masses -- it allows small and midlevel enterprises to get into encryption and feel secure that should anything happen to their data tape, they're not exposed. And more importantly, their customers are not exposed."
Disuk's Paranoia2 currently sells for around $15,000. The SafeTape solution retails at $17,995. Gretton said this is less expensive than purchasing the Paranoia2 unit and a tape writer separately.
Gretton said Disuk will continue to develop combined security and storage products. "We will be releasing autoloader versions of the product, and live readers. We're in conversations with some of the big manufacturers."
NeoScale bundles with StorageTek and Fujitsu
"One throat to choke -- that's what customers are looking for," said James Yu, vice president of business development at NeoScale. NeoScale made two announcements of bundled tape encryption products in April and will have more news about bundled product offerings for data security before the end of the second quarter.
The evolution of storage security
Implementing security is not simple, which is why these bundles are evolving, according to Dave Ellard, senior vice president of GlassHouse Technologies Inc., He said the majority of stored data is probably unencrypted because up until very recently, data stored on backup tapes wasn't something anyone wanted -- because up until very recently, sensitive data like credit card information wasn't stored digitally.
" 'Identity theft' is a new term … I don't remember hearing that five years ago," he said.
Another roadblock to encrypting backup data, according to Ellard, is that tape encryption tools are rudimentary at best. "The reality is, [encrypting tapes] sounds easy, but most of the tape backup infrastructure that we have uses primitive encryption keys. Most only have one key."
And one key means that encryption can't be changed -- meaning data security concerns from employees inside the company couldn't be addressed with current technology.
Now, though, Ellard said he has seen companies scrambling to come up with more effective solutions for encrypting tape or ways to replace it altogether. Ellard said the NetApp/Decru and Disuk products are "overlay solutions", which will bridge the gap until a universal data security practice is in place.
Eventually, Ellard said he hopes to see the encrypted transmission of data from disk to disk. "That's the real answer. There are some robust offerings in this area, but not everybody's there yet."
Click here for more of today's news.