Moving ahead with data security

How does your company enforce data security? I bet most of your answers will involve procedures based on host applications that have varying degrees of sophistication, depending on how much is at stake with a security breach.

A different question, "Does your company have independent, storage-based data protection measures?" will probably just trigger blank stares, because data protection is mostly entrusted to host-residing applications and, at the moment, there are very few alternatives to that approach.

Host-based data-protection works well (and has for many years) in cohesive environments where servers or mainframes never release their grip on data. Unfortunately, with the growing use of networked storage, cohesive environments are becoming less and less common.

In fact, in many SANs, no single host has a comprehensive view of all LUNs (logical unit numbers), so assigning the proper watchdog often becomes a challenge. Moreover, those LUNs often move from one host to another to allow for, say, maintenance or contingency procedures. Obviously, the host-based security apps (and their licenses) should obediently follow.

To complicate things further, consider that many LUNs are created without host involvement or awareness, perhaps from mirroring applications residing on a storage appliance or on the storage network.

Add all of this up and it's easy to see how immensely complicated the work of the host-bound security administrator really is. It seems obvious that applications residing on a storage network can better protect data residing on that network than applications that reside on a host can.

With that in mind, Symantec's soon-to-be-completed acquisition of Veritas Software sounds like a significant step toward protecting networked storage because it will bring together a strong presence in security applications and an exceptional portfolio of storage applications.

We should see the effects of that deal in the near future, but not everybody agrees with my optimistic outlook, as I learned during a conversation with Danny Milrad, senior product marketing manager at Veritas.

Milrad doesn't mention a specific date or product, but he is sure that the merger with Symantec will generate storage applications that are more security conscious. "I don't understand why people have a hard time grasping that," he says.

Marketing hype? Perhaps, but the recent announcement that Network Appliance will buy Decru is another indication of a renewed sensitivity for data protection in a big storage company. As you may remember from a March 1 post to The Storage Network, Decru offers host-independent, appliance-based encryption for networked storage, supported by a robust authentication system that uses smart cards with varying degrees of authority assigned to each user. To me, the most important aspect of this acquisition deal is that Decru's approach to security -- and to storage-hosted data protection in general -- gets a significant nod of approval from an influential vendor such as NetApp.