Storage-Security Combo Helps Safeguard Personal Info

Opinion: Laws and new products that merge storage and security aim to help keep personal information from being compromised.

Network Appliance's $272 million acquisition of Decru (which is expected to close in October) is just one of many signs that the worlds of storage and security are converging. And it's a timely convergence.

In the good old days, bad security news was a DDOS (distributed denial of service) attack or the emergence of yet another IE security vulnerability. For a long time, IT managers took the security of storage devices such as arrays and tapes for granted. But with physical data loss (where backup tapes are either stolen or misplaced) on the rise, IT managers need to put more effort into their security policies.

Today, security incidents that compromise the personal information of thousands and sometimes millions of customers are occurring with startling frequency.

Laws such as California Civil Code Section 1798.8 (formerly known as California SB 1386), which force companies to notify customers when their personal information is compromised, have made encryption a priority for companies.

On a national scale, a new bill called the Personal Data Privacy and Security Act, proposed by Sen. Patrick Leahy of Vermont and Sen. Arlen Specter of Pennsylvania, would require companies storing information on more than 10,000 people to report security breaches to affected clients.

The 91-page bill also defines strict penalties for people guilty of concealing security breaches or facts pertaining to a breach where sensitive personal information has been endangered, with a fine and/or up to five years of prison time.

Given the changing legal climate and forthcoming stronger laws, IT managers need to prioritize the implementation of data-protection procedures and protocols.

Decru's DataFort Appliance, winner of eWEEK's most recent Excellence Award for enterprise storage hardware, allows IT managers to easily encrypt data residing on their storage systems, whether those systems are based on NAS (network-attached storage) file shares, disks or even tape.

As much as I like Decru's DataFort appliances, there are other competent solutions on the market that IT managers should look at today. NeoScale Systems' CryptoStor Tape appliances, like Decru's solution, can protect backup tapes with 3DES or AES encryption. With tape encryption in place, IT managers needn't worry about compromised data if batches of tapes are stolen from the data center or while in transit to a remote DR site.

I am testing another solution, Ingrian Networks' DataSecure Appliance. Unlike Decru's and NeoScale Systems' solutions, which encrypt physical storage (tapes and arrays) and network file systems, the DataSecure Appliance protects data at the application level.

Using a DataSecure Appliance, IT managers can encrypt sensitive data fields in their databases (for example, fields containing Social Security numbers, credit card numbers and account passwords). Because it protects on an application level, a DataSecure Appliance can guard against such internal threats as rogue database administrators.

More information on the Ingrian Networks solution will be available in my upcoming review.

eWEEK Labs Senior Analyst Henry Baltazar can be reached at

