Myth of storage security savaged

Storage security "imperative" for 2002 - Yankee


Storage security will become an "imperative" this year as the adoption of Internet technologies undermines the comforting notion that storage networks are safe from hacker attacks.

In an analysis of storage security, the Yankee Group concludes that security will become an essential aspect of deployment strategies as users expand disaster recovery planning or roll out storage networks that mix multiple network protocols.

Yankee is seeking to dispel the impression that dedicated, Fibre Channel storage networks are "closed" networks i.e. not subject to security breaches. As mixed IP-Fibre Channel storage networks or IP storage networks become deployed security will be even more important, the research house argues.

"Customers have used a combination of zoning and LUN masking to segregate how users and servers connect to SANs, but both methods still can offer holes to hackers by being difficult to configure and manage as the number of network nodes increases," Yankee analyst Jamie Gruener writes.

"The emergence of IP-based storage networks will increase the need for specific storage security policies, due to increased complexity of managing these mixed networks."

Vendors have announced products which protect the integrity of data through software management tools, at the storage array levels, within the storage network switch, and in dedicated function storage security processors.

Brocade, the largest storage networking vendor, has promised to deliver new security features through its Fabric OS management software. Emerging firms are also carving a niche. For example, FalconStor is offering key-based encryption as part of its virtualisation software and NetOctave, an IP chip vendor, has launched a security processor designed specifically for the storage market.

Yankee adds a caveat to this by saying there isn't a standard way to solve the storage security problem and the market hasn't got beyond the delivery of point products. Storage vendors need to take an active role in promoting storage security best practices and technologies - or risk a backlash, Yankee warns.

Gruener said: "Without adequate strategies to help customers deal with the emerging storage security problem, vendors will likely be susceptible to customer scrutiny in the longer term as the level of complexity and exposure for breaches increases." ®

Related Stories

Brocade flips 2Gbps FC switch
Compaq top of the SAN tree
Sayanora to SAN Squabbles
Cisco enters storage market
Storage is dead dull, right?


Other stories you might like

  • OpenID-based security features added to GitHub Actions as usage doubles

    Single-use tokens and reusable workflows explained at Universe event

    GitHub Universe GitHub Actions have new security based on OpenID, along with the ability to create reusable workflows, while usage has nearly doubled year on year, according to presentations at the Universe event.

    The Actions service was previewed three years ago at Universe 2018, and made generally available a year later. It was a huge feature, building automation into the GitHub platform for the first time (though rival GitLab already offered DevOps automation).

    It require compute resources, called runners, which can be GitHub-hosted or self-hosted. Actions are commands that execute on runners. Jobs are a sequence of steps that can be Actions or shell commands. Workflows are a set of jobs which can run in parallel or sequentially, with dependencies. For example, that deployment cannot take place unless build and test is successful. Actions make it relatively easy to set up continuous integration or continuous delivery, particularly since they are cloud-hosted and even a free plan offers 2,000 automation minutes per month, and more than that for public repositories.

    Continue reading
  • REvil gang member identified living luxury lifestyle in Russia, says German media

    Die Zeit: He's got a Beemer, a Bitcoin watch and a swimming pool

    German news outlets claim to have identified a member of the infamous REvil ransomware gang – who reportedly lives the life of Riley off his ill-gotten gains.

    The gang member, nicknamed Nikolay K by Die Zeit newspaper and the Bayerische Rundfunk radio station, reportedly owns a €70,000 watch with a Bitcoin address engraved on its face and rents yachts for €1,300 a day whenever he goes on holiday.

    "He seems to prefer T-shirts from Gucci, luxurious BMW sportscars and large sunglasses," reported Die Zeit, which partly identified him through social media videos posted by his wife.

    Continue reading
  • A Windows 11 tsunami? No, more of a ripple as Microsoft's latest OS hits 5% PC market

    Next version of Windows 10 looms around the corner

    Microsoft's Windows 11 OS has notched up a respectable near 5 per cent of PCs surveyed by AdDuplex, as another Dev Channel build was unleashed with new features for the favoured few.

    With less than a month of General Availability under its belt, Windows 11 now accounts for 4.8 per cent of "modern" PCs (Windows Insiders running the OS account for 0.3 per cent) according to the ad platform. The figure is up from the 1.3 per cent in September, which was Insider-only and points to some migration to the production version of the software.

    The figure is both an indicator of Microsoft's cautious approach to releasing its wares and the limited amount of hardware that can actually run the round-cornered OS.

    Continue reading

Biting the hand that feeds IT © 1998–2021