It's getting scary out there, and we had all better start getting nervous.
These days it's pretty much a given that networked storage is most practical for companies that have to share their data among multiple users or processes. Networked storage - be it network-attached storage or storage-area network (SAN), Fibre Channel-based or running on Ethernet - is easier to manage than direct-attached storage. Networked storage offers better access, scalability and performance, as well as improved business continuance through low-impact backup and recovery functions.
Storage is also starting to be deployed on LANs and to remote locations via iSCSI, a new technology that we have reported on favorably in the past. ISCSI offers a relatively cheap, non-Fibre Channel-based way for smaller companies and departments to take advantage of networked block I/O, and to manage this remote storage with relative ease.
But among all this networked data, however centralized it may be, there is a fly in the ointment: is corporate data still secure?
Data remains somewhat safe on the servers, and while "somewhat" may be only slightly better than "hardly at all," it is at least something. On the servers and within the SAN, security takes various forms. Among these may be LUN masking, authenticated SAN architectures, data encryption, hiding/distributing actual data locations by virtualization, and zoning.
But these approaches typically only secure the data where the data lives, and not where the data goes. If we assume that data maintains its importance when it leaves the server (why else have it?), we should grant that data needs to be protected also on each of the far-flung nodes of the network, (I think it's better this way. Agree?) and across the space in between.
How secure is the data once it hits the network? That is anybody's guess. But if your company has a wireless LAN as part of its infrastructure, it is a pretty good bet that data in transit can be easily captured and compromised.
Perhaps the greatest potential for a violation however, occurs when the data hits the dozens (or hundreds or thousands) of client machines. Walk through most office supply stores these days and you will see a new kind of product, usually hanging from racks near the cell phones. For less than $100, you can buy a "stick" of memory that, when inserted into a USB port, gives you the ability to walk off with 64 M-bytes of data. It takes a matter of minutes for anyone to copy that much data onto such a device and head for the door. And what happens then? These things are about the size of a pack of gum, so you be the judge.
You are safe from all this, of course, if your desktop machines don't have USB ports. But they are there if you bought those machines within the last two years.
Clearly what we all need is end-to-end security, a system that safeguards data in transit, and data on the desktop and laptops as well. Earlier this year, the Storage Networking Industry Association formed the Storage Security Industry Forum to look into storage security (see: "Keeping your data secure"- http://www.nwfusion.com/newsletters/stor/2002/01366119.html.
Let's hope the Forum's attention covers data not just where IT aggregates it on the servers, but along every inch of the route it travels as well, both on and off the network.