New Appliances Set Sights on Storage Security

Reliability, good performance and interoperability typically top the requirements list for enterprise storage solutions. But as SANs and NAS continue to expand, security will become an increasingly important evaluation criterion.

Storage consolidation is a major goal at virtually every enterprise these days, but as storage networks move into the IP world, these consolidated storage infrastructures become enticing targets.

New appliances from companies such as Decru Inc. (www.decru.com) take over where network security products including intrusion detection systems, firewalls and virtual private networks leave off by adding two-factor authentication between clients and NAS (network-attached storage) units.

Decrus DataFort E440 encryption appliance (pictured) sits in the network between storage units and clients and provides wire-speed encryption using its storage encryption processor.

Implementation of the E440 is not intrusive; agents are not required on either the storage or client side of the network. This kind of transparency is an important factor with products in the storage security category because IT managers dont want to implement technology that makes storage networking too complicated or could break applications.

Since the E440 supports protocols such as CIFS (Common Internet File System) and NFS (Network File System), it should easily plug into any NAS or file server environment.

The E440, which costs $30,000, also can authenticate to the Active Directory, Windows NT, LAN Manager and NIS (Network Information System) network authentication platforms found in most networks.

The E440 supports Microsoft Corp.s Windows NT 4.0 Service Pack 6a, Windows 2000 Professional/Server (SP0 and SP1) and Windows XP.

Once implemented, the E440 can encrypt data sitting on file servers and NAS systems. Data sent from the client to the network storage device (NAS or file server) is encrypted by the E440 before it is sent.

Data Protection

When clients request data, the E440 acts as a proxy between the client and storage system and decrypts the data for the client.

Decrus encryption algorithms protect data using 256-bit-key Advanced Encryption Standard. To create keys, the DataFort appliance uses a random number generator, and multiple keys are used to make sure that no data is transported in clear text.

E440 units can be deployed as failover pairs to ensure that they dont become single points of failure.

For storage area network environments, IT managers can use the DataFort FC440 to secure Fibre Channel networks. The FC440 supports both fabric and FC-AL (Fibre Channel-Arbitrated Loop) environments.

The DataFort appliances began shipping in October.