Feeds

Myth of storage security savaged

Storage security "imperative" for 2002 - Yankee

  • alert
  • submit to reddit

Intelligent flash storage arrays

Storage security will become an "imperative" this year as the adoption of Internet technologies undermines the comforting notion that storage networks are safe from hacker attacks.

In an analysis of storage security, the Yankee Group concludes that security will become an essential aspect of deployment strategies as users expand disaster recovery planning or roll out storage networks that mix multiple network protocols.

Yankee is seeking to dispel the impression that dedicated, Fibre Channel storage networks are "closed" networks i.e. not subject to security breaches. As mixed IP-Fibre Channel storage networks or IP storage networks become deployed security will be even more important, the research house argues.

"Customers have used a combination of zoning and LUN masking to segregate how users and servers connect to SANs, but both methods still can offer holes to hackers by being difficult to configure and manage as the number of network nodes increases," Yankee analyst Jamie Gruener writes.

"The emergence of IP-based storage networks will increase the need for specific storage security policies, due to increased complexity of managing these mixed networks."

Vendors have announced products which protect the integrity of data through software management tools, at the storage array levels, within the storage network switch, and in dedicated function storage security processors.

Brocade, the largest storage networking vendor, has promised to deliver new security features through its Fabric OS management software. Emerging firms are also carving a niche. For example, FalconStor is offering key-based encryption as part of its virtualisation software and NetOctave, an IP chip vendor, has launched a security processor designed specifically for the storage market.

Yankee adds a caveat to this by saying there isn't a standard way to solve the storage security problem and the market hasn't got beyond the delivery of point products. Storage vendors need to take an active role in promoting storage security best practices and technologies - or risk a backlash, Yankee warns.

Gruener said: "Without adequate strategies to help customers deal with the emerging storage security problem, vendors will likely be susceptible to customer scrutiny in the longer term as the level of complexity and exposure for breaches increases." ®

Related Stories

Brocade flips 2Gbps FC switch
Compaq top of the SAN tree
Sayanora to SAN Squabbles
Cisco enters storage market
Storage is dead dull, right?

Intelligent flash storage arrays

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.