Storage security is not a very popular topic -- in fact, looking back at last year's news, it's rarely brought up. Perhaps it's because all the attention of the security-minded people goes to the unceasing attacks on e-mail or the countless soft spots found in Internet Explorer or Windows.
Obviously, when there's a new security breach, CTOs put on their firefighter helmets and run to put out the fire. Unfortunately, all that commotion also pushes less urgent tasks, such as developing OS-independent shields around storage infrastructures, to the back burner.
I would argue that diverting attention and resources from other security-focused activities is probably the worst and most damaging side effect of the Windows-vulnerabilities soap opera.
The potential damage from nonsecured storage is huge. Think how easy it is for a co-worker or a consultant to copy gigabytes of sensitive data to a laptop or to a portable drive. That person may have the best reasons to make that copy, but if the data falls into the wrong hands, your company can quickly find itself in hot water. A policy that mandates encryption of critical data stored to mobile devices is a good remedy, but I doubt that many companies have or enforce that policy.
Ironically, implementing a business-continuity strategy with data replicas at remote sites increases the risk of data disclosure, unless you also encrypt data traveling across the WAN.
This brings me to a new product from Neoscale, a company that specializes in storage security devices, including CryptoStor FC (Fibre Channel) and CryptoStor for Tape. Those two appliances provide encryption and access authentication for FC-based storage networks and for tape devices.
As with its predecessors, the name of Neoscale's latest product, CryptoStor SAN VPN, spells out its functionality -- or it should. If you are confused by the appearance of the apparently conflicting acronyms SAN and VPN in the same sentence, here is the legend: The new appliance -- actually a pair of them -- provides strong, transparent data encryption if your storage network spans a MAN (metropolitan area network).
"CryptoStor SAN VPN is a FC-in, FC-out, point-to-point link encryption device," says Robert Lockhart, senior product manager at Neoscale. He adds that the device borrows the concept of tunneling from VPN solutions, providing tunneling of FC data streams across a WDM (wavelength division multiplexing)/SONET network.
If your WAN is built on IP links, CryptoStor SAN VPN is not for you. And if you're wondering why Neoscale's new appliance focuses only on MAN connections, a comment from this reader, posted on The Storage Network, explains why.
Obviously, a quick MAN connection cuts off TCP/IP delays and is the best stage to show off the low latency of the appliance. "The worst case is an 80-microsecond latency," Lockhart says. "But the average is 60 microseconds -- and that includes encryption."
If you are rearchitecting your business continuity with an eye on multisite data protection, consider adding the extra layer of protection that Neoscale SAN VPN provides. That is, if patching your OS and browser leaves any time for it, of course.
Mario Apicella is a senior analyst at the InfoWorld Test Center.