News Stay informed about the latest enterprise technology news and product updates.

New tool solves NAS, SAN security woes, company says

A new storage start-up is making the rounds with a security appliance it claims can encrypt and decrypt SAN and NAS data without impacting network performance.

Storage security start-up Decru Inc. of Redwood City, Calif., is emerging from stealth mode to introduce a new line of storage security appliances. The product line, dubbed DataFort, consists of security appliances that encrypt and decrypt data, using up to 256-bit encryption technology at wire speed.

Decru has two flavors of DataFort, the DataFort E440 for file-based network-attached storage (NAS) and the DataFort FC440 for block-based storage area networks (SANs).

According to Decru, NAS and SAN environments are going largely unprotected under traditional network perimeter techniques like firewalls, VPNs and SSL.

"Data is sitting in clear text on file servers or back-end arrays in a SAN," said Andy Salo, director of product marketing for Decru. "As SANs and NAS grow it gets worse."

Salo said that LUN masking and zoning are inadequate attempts at SAN security and that, moreover, they are not scalable. Operations such as backups, replication and mirroring defeat the purpose of LUN masking and zoning techniques by putting unprotected data out of the data center and into remote sites.

There has been a long-standing concern that adding security to a storage network could impact workflow and network performance. Decru claims to have tackled that problem.

"A lot of people have shied away from encryption because it couldn't be done at wire speed," he said. "DataFort is completely transparent to the network traffic."

Dr. Vijay Ahuja, founder and president of Cipher Solutions Inc., a professional services company that assists in implementing storage security, said that most of today's security is handled by existing storage vendors through added security features.

"At this time, the industry is determining the right technologies to secure the storage data. The problem would ideally be for an end-to-end solution, including security of data while stored," Ahuja said. "So the short answer is we will see security in servers, storage networks as well as from standalone appliances."

The Decru DataFort appliance supports Fibre Channel, CIFS and NFS environments through the use of its Storage Encryption Processor (SEP), a custom hardware engine that performs multi-gigabit-speed, full duplex encryption for ensuring data and key security.

The security policies on DataFort are configurable and support a variety of industry-standard authentication schemes. Decru said DataFort utilizes 256-bit key AES encryption and a True Random Number Generator (TRNG) to scramble and descramble data without requiring additional software on clients, servers, hosts or storage devices.

Decru's appearance on the storage security scene mirrors activity in the rest of the industry. The Storage Networking Industry Association and its members recognized the problem of securing storage and recently formed the Storage Security Industry Forum (SSIF). The forum's goal is to help identify best practices on how to build secure storage networks and promote standards-based solutions to the problem.

"Users of storage networks have identified security as one of their primary concerns. The Storage Security Industry Forum will enable SNIA members to collaborate in a vendor-neutral environment and create a focal point for industry and user interchange on secure storage networks," said Brad Stamas, chairman of the SNIA.

Companies involved in the SNIA's SSIF include Adaptec Inc., Brocade Communications Systems Inc., Computer Associates Inc., Hewlett-Packard Co., IBM Corp., Infinity I/O, JNI Corp., McData Corp., NeoScale Systems Inc., QLogic Corp., Seagate Technology Corp., Spectra Logic Corp., and Zyfer Inc.

Mike Karp, a senior analyst at Enterprise Management Associates of Boulder, Colo., said that there is an increasing need for research that will help advance technologies in the storage security arena.

Decru was founded in April 2001 and has since been flying under the radar while raking in $43 million in funding. The company is targeting a variety of financial, government, biotechnology and technical firms as potential customers for its security appliances.

"When you put more and more data on a few large storage devices, the risk of devastation from a single attack grows," said Dan Avida, Decru's president and CEO.

While pricing was not disclosed, Avida expects the DataFort appliances will be deployed in high performance databases in SAN and NAS environments.

Decru DataFort security appliances are available immediately.

Let us know what you think about the story; e-mail Kevin Komiega, News Writer


Start-up develops enterprise storage security appliances

Storage security round-up

TechTarget's security research bonanza

Comment on this article in the Discussion forums

Dig Deeper on SAN technology and arrays

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.