Storage Managers Struggle With Security Demands

Written By
Marty Foltyn
Apr 10, 2008

ORLANDO, FL. — Perhaps the biggest surprise at this week’s Storage Networking World was just how central the role of security has become, as storage managers are increasingly pressed into service to plug data leaks and ensure compliance with data protection regulations (see Storage Becomes the Center of the Security Storm).

EMC boosted its storage security offerings; HP, IBM and Vormetric unveiled encryption key management products; and Seagate, IBM and LSI promoted disk drive encryption. And those were just a few of the announcements between this week’s SNW and RSA conferences.

A tutorial at SNW by Roger Cummings of Symantec illustrated how storage managers can eliminate much of their vulnerability by using the right technologies for encryption. Cummings defined encryption as the conversion of plain text to encrypted text with access only by authorized users. He outlined a number of methods for protecting both data at rest and in flight, including encryption/decryption built into tape drives, and disks that encrypt data before storing it on media.

Cummings outlined a nine-step checklist for encrypting data at rest, beginning with understanding the reasons for confidentiality and working closely with legal counsel and company executives to identify regulatory obligations and develop IT strategic plans. Activating encryption is the last step, after classifying and inventorying assets, performing data flow analysis, encrypting as close to the source as possible, designing the solution with a focus on demonstrating the chain of evidence, and beginning data realignment to implement the solution.

Deploying fabric-based encryption was the recommendation of Roger Bouchard of Brocade, who said this approach reduces complexity by using a common method for encrypting all types of data residing on any storage device connected to the storage area network (SAN).

Consultant Richard Austin recommended that managers focus their storage security efforts on data leaving a storage manager’s control: data stored on removable media, data in untrusted third-party data centers, which must be protected both in flight and at rest, and data transferred between trusted data centers, which must be encrypted in flight. Austin maintained that encrypting data at rest is a measure of last resort, requiring careful planning and methodical implementation.

The importance of a key management strategy generated considerable audience interest in a session led by Walt Hubis of LSI. Hubis recommended a series of best practices to deploy key management, including limiting the use of data encryption keys, enforcing strict access controls, and disposing of keys when no longer needed.

SNW attendees also got hands-on practice in using a software approach to encryption, performing hardware encryption with keys provided by the backup application, and reading tapes encrypted by one drive in another drive.

Protecting data is also a top priority for storage managers because of the potential for stiff fines for failing to produce data in e-discovery cases, according to David Stevens of CMU. In a session on the December 2006 changes to the Federal Rules of Civil Procedure (FRCP), Stevens discussed the need to preserve, to the best of a manager’s ability, all the details of the original electronically stored information (ESI), if not producing the original itself. He said a company (and its storage manager) may be requested to produce ESI even if it is not a party to the litigation.

He recommended creating and following a company’s data/ESI retention policy, including auditing compliance with the policy, knowing where data resides, knowing how to preserve ESI, and maintaining a chain of custody for the data. Stevens reminded attendees that at least 37 U.S. District Courts now require compliance with specialized local rules, forms and guidelines addressing the discovery of electronically stored information.
