Compliance Creates New Storage Needs
Data protection and retention regulations have created a new class of data, such as event logs and audit reports, that themselves must be stored and managed to prove compliance. Call it managing information about the security of information, if you will.
SenSage is one start-up targeting this new class of data. Next week, the company will unveil the SenSage Compliance Bundle, an integrated security data analytics and storage solution that the company says makes it easier and cheaper to manage security monitoring, investigation and compliance data.
The offering combines SenSage with an EMC Centera content addressed storage (CAS) system in what the company bills as an information lifecycle management (ILM) solution for compliance data. SenSage calls the new niche security information management (SIM). Scott Gordon, vice president of worldwide marketing at SenSage, estimates the new market at $250 million to $300 million and growing.
Regulations such as HIPAA and Sarbanes-Oxley "require greater process automation and storage capacity for event data," said Jon Oltsik, senior analyst for information security at Enterprise Strategy Group. "It's not a simple collection, reporting and archiving equation; it is about scalability for efficient analysis and usable retention. We believe the features of the SenSage Compliance Bundle, leveraging EMC Centera, offers enterprises a smart choice for security information lifecycle management."
SenSage says it has become a security best practice to generate, store and analyze system activity to track internal and sophisticated threats and complete audits. Visa's PCI (payment card industry) Data Security standard, for example, requires on-going assessment and annual retention of transaction system audit trails, and DCID 6/3 (Director of Central Intelligence Directive) mandates that government organizations and contractors with access to classified information consistently analyze system activity and retain event logs for five years. For larger enterprises, meeting such regulations can easily consume gigabytes of storage each day.
SenSage says its new solution lets organizations aggregate, analyze, dynamically monitor and manage high volumes of event log data. The SenSage Compliance Bundle ships with SenSage security analytics software fully integrated with an EMC Centera CAS system for "fast, easy online data access with assured content authenticity and petabyte scalability." It also includes one SenSage compliance analytics package comprising pre-defined rules and reports mapped to financial reporting, financial services, healthcare, privacy or government guidelines.
Gordon said API-level integration with Centera makes for an "extremely fast" solution offering "near-primary storage performance."
EMC has granted SenSage's security analytics software "EMC Centera Proven" certification. EMC is also marketing the product, which is being billed as a SenSage solution.
"EMC Centera complements SenSage's performance, compliance and scalability features by extending online capacity at the lowest total cost," states Roy Sanford, vice president of content addressed storage at EMC. "As customers look to securely archive more data for longer periods of time, this combination of pre-tested and configured technology can help them meet their business requirements in the most simple and effective manner."
Pricing for the SenSage Compliance Bundle starts at about $200,000, which Gordon says is "considerably less" than the cost of purchasing the SenSage and EMC products separately. Gordon calls the pricing "aggressive" and said it is half the cost of competing products. The Compliance Bundle includes the SenSage Enterprise Security Analytics system, a SenSage compliance package, and either a 4- or 8-node EMC Centera storage system.