Storage Security: Cause for Concern?

Storage security isn't a big problem so far, and vendors are busy brainstorming ways to prevent it from becoming one.

BURLINGTON, Mass.—Storage security isnt a big problem so far, and vendors are brainstorming ways to prevent it from becoming one.

There are no reports or industry statistics of customers actually suffering break-ins into Fibre Channel storage-area networks, where most of the worlds mission-critical data is stored, but its been done in laboratories, a panel of experts sponsored by research firm Inc. acknowledged here today. Still, there are other reasons for enterprises to pay attention, they said.

"Most of the storage guys dont talk to the security guys at most companies," said Hari Venkatacharya, senior vice president of Mississauga, Ontario, startup Kasten Chase Applied Research Ltd. Thats why "the discussion has to be elevated above simply SANs," he said.

Customers need to consider security from even encrypted legitimate front-end storage access, not necessarily from back-end literal hacks, he said.

Also, recent legal requirements mean that unless much technology—specifically storage—is tweaked, companies could inadvertently become criminals. Big companies like EMC Corp. and Microsoft Corp. already offer relevant products.

But customers may not be ready for point solutions. "The business guys have been the hockey goalies," noted Mark Shirman, CEO and president of GlassHouse Technologies Inc., a storage consultancy and integrator in Framingham, Mass.

Hopkinton, Mass.-based EMC, for its part, is in the early stages of determining what customers want for its high-end storage arrays. Regarding the various startups and established networking and security companies numerous approaches to storage, "As customers demand these we will put together solutions and put them in place. Youre going to be doing your own component integration there" just as in standard networking security today, said David Black, senior technologist.

Also, while "we have conversations about providing additional security features on a regular basis" with large customers about how to build replicable solutions, "EMC does not view security as a product or an ROI we will sell," Black said.

Lack of a common definition of the problem, along with a focus on technology rather than business processes, are both ongoing concerns for customers, panel members agreed.

Analyst and customer advocate Jon Toigo, in a separate interview today, said storage technologys bigger management problems only contribute to the security issues.

"The tools for even managing a SAN are so slipshod and poor, it would amaze me if anything with any granularity" could protect and report storage security, he said, in Dunedin, Fla. "I cant believe for the life of me that nobodys ever tried to hack into a storage platform. There are holes on the server side that give people access."

Latest Storage News: