Tip

How to secure primary storage for life outside the data center

Storage security is typically one of those practices that value-added resellers (VARs) struggle with in their discussions with customers. The obvious use case is to secure tape media that leaves a customer's facility. Oftentimes, the data is encrypted either on the tape drive or by an appliance. But tape encryption is standard fare and nothing new for customers. You're unlikely to impress with that. Primary storage, on the other hand, is a different story. It's a much more interesting proposition -- both for customers and for storage integrators.

Your customers might not even be fully cognizant of the threat to primary storage. Of course, it doesn't leave a customer facility in the normal course of operations, and most customers have physical access controls to protect against staff or contractor threats while in the data center. But make no mistake, hard disk storage does leave the data center and, as with tape media, it needs to be secured via encryption.

For data on primary storage to be useful, for the most part, the whole storage array has to be together. And it's very unlikely that someone will steal a full array from a customer's data center. But there are two scenarios in which primary storage leaves the data center fully assembled: during a data center move or following the decommissioning of a primary storage array, when it's sold on an online auction site or otherwise disposed of.

Your customers need to understand that formatting the drives (for the purpose of erasing them) prior to disposal is not enough. Data can be recovered from formatted drives. Alternatively, your customer could choose to physically destroy the drives, but doing so obviously means they won't be able to sell them as used equipment.

That's where encryption comes in. Encryption secures the data by transforming it into ciphertext on the drives, so that a key is required to read and make sense of that data.

With primary storage encryption, the data is encrypted all the time, but the keys needed to access it are held inside the data center, so the users of that data have transparent access to it even though it's encrypted. Once a user is authenticated into the network, he doesn't need to keep entering the key to gain access to the data on that network.

When the storage leaves the data center, the keys should stay in the data center. They shouldn't go with the storage. As a result, the data on the storage will be totally unreadable and safe to be moved, disposed of or resold.

Offering your customers storage encryption as a means to secure data against theft is typically a non-starter. But offering storage security as a means to safely move, decommission or resell existing storage shows that you have that kind of planning in mind, making you better-qualified to earn their future business.

About the author

George Crump is president and founder of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. With 25 years of experience designing storage solutions for data centers across the United States, he has seen the birth of such technologies as RAID, NAS and SAN. Prior to founding Storage Switzerland, George was chief technology officer at one of the nation's largest storage integrators, where he was in charge of technology testing, integration and product selection. Find Storage Switzerland's disclosure statement here.

This was first published in August 2009
