Encrypt SAN Data At The Host? Emulex Says Yes
October 27, 2010
Whether it's fear of losing valuable or embarrassing data or just playing it safe, the security folks in your organization are probably encouraging you to encrypt as much of your data as possible both in flight and at rest. Emulex's newest encrypting Fibre Channel HBAs (Host Bus Adapters) adds another arrow to storage admin's quiver for encrypting your data and tracking the all important keys.
A few years ago the college I worked at received a directive from the state CIO strongly encouraging the use of full disk encryption on all servers. We took a look at the available options and decided that we'd encrypt our tape data. The data at rest on server drives in a secure data center was at much bigger risk from network hacking than from someone breaking into the data center and stealing the disk drives. If someone stole the drives, they would also have to steal the keys that are stored on the servers to access the data.
Encrypting your data at rest has the added benefit of eliminating the risk of data breaches at disposal time. If the data on a disk or array is encrypted, and the keys are stored separately, you can return failed drives to Seagate, or EMC, or even get a small percentage of your investment in that CX-500 or DL380 back by selling it on eBay complete with disk drives.
Without encryption you're limited to more time consuming options like degaussing, shredding or my personal favorite melting into a pool of liquid metal with thermite. The problem with all these methods is you have to keep track of "retired" drives and their ultimate disposition. In a big company there's always the risk of some junior IT guy selling drives on eBay he listed as destroyed.
In the past I've been somewhat more skeptical of the need to encrypt SAN traffic in flight. In general encrypting data in flight is a protection against snooping attacks where someone intercepts the data stream and reads it. When Fibre Channel SANs were contained in the data center the proverbial attacker would need to be in my data center to get access to the data. Since an un-trusted person in the data center is by itself a problem I wasn't worried about that un-trusted person plugging into the SAN.