Businesses looking for ways to protect data in networked storage arrays might be interested in a start-up that has unveiled appliances designed to encrypt and decrypt storage data without hurting network performance.
The company, called Decru Inc., was founded in April 2001 by Dan Avida, formerly CEO and co-founder of Electronics for Imaging, and Serge Plotkin, an associate professor of computer science at Stanford University. The company has secured US$43 million in funding from investors that include Benchmark Capital, Greylock and In-Q-Tel, the venture capital arm of the U.S. Central Intelligence Agency (CIA).
The company came out of stealth mode this week with a pair of appliances that fit into storage-area network (SAN) and network-attached storage (NAS) environments. The DataFort E440 is for file-based, or NAS, deployments and has two Gigabit Ethernet ports. The DataFortFC440 is designed for block-based, or SAN, architectures and has two Fibre Channel ports. Available now, the appliances range from $30,000 to $40,000.
The appliances are deployed between a LAN and file servers, and require no changes in network setup, says Avida, Decru's president and CEO. The devices use a hardware engine to encrypt and decrypt data at wireline speeds and use 256-bit key Advanced Encryption Standard encryption.
Users can configure the DataFort to encrypt specific data, and the device can hook into existing directories to set authentication rules to restrict access to data based on user ID. That lets groups within an organization share storage infrastructure, but ensure that their particular data is protected, Avida says.
Today, most companies protect the perimeter of their networks, but leave storage at the core vulnerable, Avida says. He points to statistics from RBC Capital Markets that show that the majority of hacker attacks originate from inside an organization.
"We think the perimeter defense is no longer good enough," Avida says.
Users seem to agree.
Greg McGrath Sr., director of IT for Incyte Genomics Inc., a biotechnology firm in Palo Alto, says he is looking for a way to better secure his SAN and NAS storage. Incyte has been beta-testing the DataFort appliance to secure its NAS installation.
"Our security model had been the hard outer shell where we're very protected against people trying to come in through the Internet," McGrath says. "But once you're part of the internal network, security is pretty loose. People could get on machines and cruise around pretty easily.
"Why a device like this is really useful is because there is a lot of internal corporate data that we want to secure, whether financial or human resources - the more secure the better," he says.
He says the product was easy to install and hasn't been tough to manage.
Analysts say Decru is facing competitors such as Neoscale Systems Inc. and Vormetric Inc., which also focus on storage security, an issue that's gaining greater importance as companies move from direct-attached architectures to distributed environments.
"In the past, storage was a closed environment," says Jamie Gruener, senior analyst with The Yankee Group. "But as you add network protocols there is a growing need for better security. There are a host of vendors, including Decru, that have a good start in terms of being able to provide security tools that would allow you to deal with these issues head on."