NetApp CEO Discusses the Push to Secure Storage

Q&A: Network Appliance is moving fast on the virtualization and encryption fronts. CEO Dan Warmenhoven chats about why this should excite customers.

Network Appliance is having a tough time keeping still these days. The storage company is proving in 2006 that it is not afraid to spread its wings in new technology areas, evidenced by the expected release next week of its new VTL (virtual tape library) technology and enhanced Decru DataFort storage security appliance.

Recently, NetApp CEO Dan Warmenhoven sat down with eWEEK Senior Writer Brian Fonseca to discuss NetApps roadmap approach, the relationship of storage and encryption, and how virtualization will be featured prominently for NetApps customers very soon.

Backed by your new [NearStore] VTL technology and storage encryption capabilities, NetApp is expanding its product roadmap and focus into several new areas. How does security fit into that paradigm?

As we look forward, we see us expanding beyond this space of storage systems, thats what led us to the acquisition of Decru and certain others like Alacritus with its virtual tape library.

We also have a big push going on for our own virtualization solutions which dont carry any disks either. Our vision is that a lot of functionality will be deployed inside the storage network that is between the servers and the storage systems. And it will provide a variety of different services, and data security is one of those services that goes in there.

/zimages/5/28571.gifClick here to read about NetApps new virtual tape libraries.

Now I view security as being one of these multifaceted topics. Theres network security, but there is a type of security which protects the data on the storage device—we call it data at rest. So whether data is sitting on a disk or sitting on tape, its protected. Its very different than the kind of thing that Symantec is focusing on.

What role does encryption have to play with locking down storage environments?

The notion of this, deploying [encryption] technology inside the storage network whether it be Ethernet or a SAN, is really not new. There are all different styles of things that might go in there, like a virtualization solution. You see one from IBM, one from EMC, one from ourselves, obviously one from Hitachi. Security encryption solutions logically fit right there.

You could even envision some time in the future having a DNS-type service. DNS on the Web does a mapping of the name of a URL to an address.

It gives you a level of transportation destination, and you can do the same for data. Give the name server if you will the name of data youre trying to locate and it returns back to the location. So there is data management services I think will evolve into the network and thats kind of our view to where the future is going.

What factors have stalled storage encryption efforts? Are customers ready to adopt this model with NetApp as a provider through Decru?

Theres been two significant problems with encryption. DES encryption has been around for a long time, but it is not widely deployed. First, it always impacted application performance and data access performance.

If you look at major backup solutions like Tivoli Storage Manager, almost all of them have an encryption option. As you write to the tape you can encrypt. The only problem is it slows down backup by a factor of four or five, so its not very practical. The other issue is the management of the keys is very complex. Putting a policy together around personnel practices and policies and then translating that to a technical solution in terms of key management has always been a very difficult problem.

Decru I think aptly addresses both of those issues. It does encryption at wire speeds with custom semiconductors. One of the issues on key management for encryption is if you write to a backup tape and send it off to a repository and bring it back to a different location—thats assuming your strategy for business continuity relies on a portion of tape. So the primary source got destroyed, and you bring it back to secondary data center. Now how did the key get there? That could be several years later.

Key management policies have really been one of obstacles and Decru has really flattened that issue, taken it right away.

Next Page: Integrating Decru technology.