Do you need air gaps for storage security?
- 04 September, 2006 08:42
I've been reading some storage user group banter that talks of how storage administrators need to give their application users an "air gap."
What's an air gap? Taken literally, it's a space between dedicated storage arrays or arrays and nonsecure networks that could access the data. Partitioning an array and/or a storage network may not be enough to satisfy air-gap-sensitive users. They want to see their data physically separated from everyone else's. In other words forget that storage-area network stuff. Give me direct-attached storage. And if it can't be DAS, then it has to be my SAN or my network-attached storage.
The air-gap mentality reminds me of a challenge that early storage services providers needed to overcome. They had to demonstrate to prospective customers that their data would not somehow get mixed up with someone else's. Bad things would happen. I thought those days were behind storage administrators. Apparently not.
What's behind the air gap mentality? Two words: privacy and security. At the moment, these two words have the power to transcend the best security practices that storage networking technology has to offer.
Think back to an old Dustin Hoffman/Sir Lawrence Olivier movie, The Marathon Man. The most memorable scene to me was where Olivier, playing an ex-Nazi turned dentist, grinds away at Dustin Hoffman's teeth, repeatedly asking, "Is it safe? Is it safe?" Now swap Hoffman's squirming image with that of a friendly, well-meaning storage administrator. Is it safe? That's all application customers may want to know about their storage at the moment.
No one wants to wear a personal identity exposure headline. No one wants to get fired over a security breach. We're talking about career-ruining events here. So, if it's DAS they want, then DAS they'll get. And, if I'm reading the chatter correctly, white-box storage will be the major winner.