Information protection
- Article 3 of 3
- Enterprise Security, May 2005
Ensuring the integrity of information is a primary goal of both security and storage, a fact that puts the sectors on a converging course.
StorageTek has also been looking at making storage more secure. An ATA blade server with built-in hardware encryption is in the works for this year, with support for fibre channel and serial SCSI blades due early 2006. Before then it is also promising a ‘content engine’. Like the hardware appliances of Decru and NeoScale, the content engine sits between the host and the storage, encrypting and decrypting, while presenting itself as a simple CIFS/NFS disk image. Designed primarily to work with nearline storage, rather than higher performance systems, the system can not only encrypt data, but move SAN management away from the host and down to the storage system itself.
Laurence James, ILM solutions business manager at StorageTek, says the content engine should solve the problem posed by centralised storage. “If you’ve thousands of different hosts, access control is unmanageable. So you have to move security down into the box.” Rather than using the standard ‘users’ and ‘groups’ approach to granting access rights, the content engine will be more business focused, managing pieces of content according to policy.
The content engine will also tackle another aspect of storage security: showing that data has not been changed or viewed by anyone other than authorised users. Like EMC’s Centera, the content engine will use content addressing, generating filenames and digital signatures based on content metadata, such as modification data.
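The content-addressing idea above, as an added Python sketch that is not StorageTek's or EMC's code. It assumes SHA-256 over the content plus its metadata as the address and uses an HMAC as a stand-in for the digital signature; the class, function names and the key are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real system would fetch it from a key manager.
SIGNING_KEY = b"constructed-demo-key"


def address_for(content: bytes, metadata: dict) -> str:
    """Derive the object's name from its content and its metadata."""
    canonical = json.dumps(metadata, sort_keys=True, separators=(",", ":")).encode()
    h = hashlib.sha256()
    # Length-prefix the metadata so bytes cannot shift between the two fields.
    h.update(len(canonical).to_bytes(8, "big"))
    h.update(canonical)
    h.update(content)
    return h.hexdigest()


class ContentStore:
    """Toy content-addressed store: the name of an object commits to its bytes."""

    def __init__(self, key: bytes):
        self._key = key
        self._objects = {}  # address -> (content, metadata, tag)

    def _tag(self, addr: str) -> str:
        # Keyed MAC over the address; stands in for the signature on the object.
        return hmac.new(self._key, addr.encode(), hashlib.sha256).hexdigest()

    def put(self, content: bytes, metadata: dict) -> str:
        addr = address_for(content, metadata)
        self._objects[addr] = (content, dict(metadata), self._tag(addr))
        return addr

    def verify(self, addr: str) -> str:
        """Return 'ok', 'missing', 'modified' or 'bad-tag'."""
        if addr not in self._objects:
            return "missing"
        content, metadata, tag = self._objects[addr]
        # Any change to the bytes or the metadata yields a different address.
        if not hmac.compare_digest(address_for(content, metadata), addr):
            return "modified"
        return "ok" if hmac.compare_digest(tag, self._tag(addr)) else "bad-tag"
```

The check covers modification only; showing who viewed the data needs access logging, which this sketch does not model.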
Logicalis security consultant Emlyn Everitt also highlights the management issues associated with integrated storage and security solutions. “What you really need, for instance, is not just a mechanism of encryption but an entire encryption management framework.”
Windows has the ability to encrypt its hard drive data, yet few organisations use it, Everitt says, because of the problems of key management. “You have different keys from different systems stored all over the place. Someone encrypts the information using something based on his own password and user name, but if he’s sick or leaves the company, what happens then?” Only by ensuring that both security and storage teams work together to develop common policies and frameworks for handling enhanced storage solutions will the benefits be realised.
