Howard Marks

Network Computing Blogger


Upcoming Events

A Network Computing Webinar:
Avoiding Downtime: How Virtualization Can Help In Times of Trouble

June 12, 2013
11:00 AM PT / 2:00 PM ET

Are you caught between a desire for the benefits of the cloud and concerns about security and control? Then you should attend this insight-packed webinar to learn how private data networking technologies like MPLS IP-VPNs can address your concerns and allow you to safely and intelligently reap the savings, agility and other benefits associated with cloud computing.

Join us to hear top industry experts discuss the private data network technologies that are best suited for enterprise cloud access requirements. You won't want to miss this opportunity to learn how your organization can best mitigate risk while reaping the full potential benefits of the cloud.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Vendor NewsFeed

More Vendor NewsFeed »

See more from this blogger

Encrypt SAN Data At The Host? Emulex Says Yes

Posted by Howard Marks
October 27, 2010

Whether it's fear of losing valuable or embarrassing data or just playing it safe, the security folks in your organization are probably encouraging you to encrypt as much of your data as possible both in flight and at rest.  Emulex's newest encrypting Fibre Channel HBAs (Host Bus Adapters) adds another arrow to storage admin's quiver for encrypting your data and tracking the all important keys.

A few years ago the college I worked at  received a directive from the state CIO strongly encouraging the use of full disk encryption on all servers.  We took a look at the available options and decided that we'd encrypt our tape data. The data at rest on server drives in a secure data center was at much bigger risk from network hacking than from someone breaking into the data center and stealing the disk drives. If someone stole the drives, they would also have to steal the keys that are stored on the servers to access the data.

Encrypting your data at rest has the added benefit of eliminating the risk of data breaches at disposal time.  If the data on a disk or array is encrypted, and the keys are stored separately, you can return failed drives to Seagate, or EMC, or even get a small percentage of your investment in that CX-500 or DL380 back by selling it on eBay complete with disk drives.  

Without encryption you're limited to more time consuming options like degaussing, shredding or my personal favorite melting into a pool of liquid metal with thermite.  The problem with all these methods is you have to keep track of "retired" drives and their ultimate disposition.  In a big company there's always the risk of some junior IT guy selling drives on eBay he listed as destroyed.

In the past I've been somewhat more skeptical of the need to encrypt SAN traffic in flight.  In general encrypting data in flight is a protection against snooping attacks where someone intercepts the data stream and reads it. When Fibre Channel SANs were contained in the data center the proverbial attacker would need to be in my data center to get access to the data.  Since an un-trusted person in the data center is by itself a problem I wasn't worried about that un-trusted person plugging into the SAN.


Page:  1 | 2  | Next Page »


Related Reading

News

Commentary

Most Popular

On the Web

More On the Web»

More Insights

White Papers

More >>

Webcasts

More >>

Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

WAN Security Reports

Research and Reports

May 2013
Network Computing: May 2013

May 2013
Special Issue
Network Computing: May 2013

Video


WATCH: Bob Metcalfe Plans Ethernet's 40th

WATCH: CES 2013: It's A Wrap!

WATCH: Intel touts tablets, smartphones at CES 2013


View All Videos
Previous Page First Page Second Page Third Page Next Page

Most Popular

Stories Blogs

More Stories »

Upcoming Events

Featured Whitepapers

 
 
What's this?
More >>


Featured Reports

 
 
What's this?
More >>


BlogRoll

TechWeb Careers