Two become one: Making sense of storage and security convergence

The merging of two IT industries always leads to the formation of a new buzzword, followed by a period of furious head-scratching as to what exactly it means. Integrators and their customers are best advised to wait on the sidelines until the dust settles, standards are set and commodification, that harbinger of good value, arrives.

The latest amalgamations between storage and security vendors are no exception. The commotion has given rise to the inventive term “storage security”, and players from both sides are yelling over each other to provide the definitive definition.

Predictably, sellers of anti-virus and email applications say it’s all about securing communications, sellers of storage arrays are concerned about authentication and sellers of security appliances believe that nothing’s secure unless it is encrypted to military standards, and then some.

Behind the hype, most of what vendors are saying about storage security is nothing more than the standard security practices and services already encouraged and ignored.

The actual process of integrating security into storage appliances has already been occurring for some years, but vendors are indicating that it will now pick up speed. Security will eventually be subsumed into storage as an essential feature, as were reliability and compatibility.

Each part of a storage system – an array, controller, hard drive – will have integrated security features as cost options, such as encryption, authentication and authorisation.

There are several trends at work which have made security an indispensable requirement of storage.

One trend is the evolution of e-commerce and the interdependent relationships between customers, vendors and partners that it creates. Before e-commerce became commonplace, every company used to fortify its storage behind a firewall that was assumed to be as secure as the Iron Curtain, with very little traffic passing into the insecure outside world.

But now that firewall is regularly penetrated by partners accessing product databases and event calendars, VPNs set up by roaming sales staff and executives, and customers making online payments.

Dennis Hoffman, vice president of information security

“The perimeter is gone because Web-based interactions with partners and customers are such that many companies’ internal applications are being opened up to the world,” says Dennis Hoffman, vice president of information security, EMC. “So it’s hard for an IT manager to step back and say, that’s my perimeter.”

The perimeter, while still protected, must now be assumed to be compromised. Storage, now managed through an IP interface, requires the same level of protection as other elements of the network.

Hoffman gives the example of EMC’s Powerlink application, which once served as a database behind the perimeter for the internal sales force. Now it straddles the perimeter as EMC’s partner portal and customer knowledge base portal as well.

emchdsidcrsasecuritystorage