Securing Data Across SANs, WANs, and Shared File Systems Page 3


What Does Not Work

There is so much that does not work. I am unaware of any end-to-end total solutions that have:

  1. MLS support for access control within the operating system
  2. MLS support within a file system that supports high performance IOPS and streaming I/O
  3. MLS support for a heterogeneous shared file system
  4. The ability to perform encryption within the file system
  5. Authentication for every path to the device (HBA, Fibre Channel switch, IP router, RAID, and tape)
  6. Standard encryption for access control of every device (HBA, Fibre Channel switch, IP router, RAID, and tape)
  7. Support for HSM encryption or backup encryption to/from tape
  8. Support for WAN encryption
  9. Support for encrypted remote mirroring of the RAIDs (if required)

What I'm outlining is the requirement for total data security from the time data is moved into or created within the system until the time data is destroyed — i.e. security through every aspect of all of the systems within a heterogeneous environment. Of course, this will have overhead, and in many cases these requirements might be overkill given that some systems contain no sensitive data.


We are a long, long way from having total end-to-end data security. The operating system is the critical path to the development of a truly secure system. Most vendors are looking at host-based solutions, and I am unaware of any modern file system (the next level) that meets all of the security requirements. Of course, having such a file system is much more difficult in a heterogeneous environment; a homogeneous OS could provide the basis of this security nirvana, but most experts believe this is not on the short-term horizon.

A shared file system with MLS capabilities that supports heterogeneous access, HSM, and data security is the ideal, but it remains a pipe dream for now. The operating system vendors need to develop truly secure MLS systems that can interoperate, which is not going to happen anytime soon. As a result, what we are currently left with are various band-aids for shoring up security in the areas where we are most vulnerable.

» See All Articles by Columnist Henry Newman

Page 3 of 3
