Until recently, few people lost much sleep wondering whether their data storage was secure the disks themselves were locked up in the data center. But with the shift from direct-attached to networked storage, danger seems to be lurking behind every corner, and the monsters under the bed have been multiplying.
Storage administrators have every reason to worry. In January of this year, for instance, IBM Information Systems Management, a subsidiary of IBM Corp. (NYSE: IBM), lost a hard drive belonging to one of Canada's largest insurance companies. The 30 Gbyte-drive, which has since been recovered, contained the personal files of at least 180,000 Co-operators Life Insurance Co. clients (see IBM Loses Insurer's Data).
One month later, online intruders got into the system of an Omaha-based company that handles credit card transactions for retailers and financial institutions, making off with as many as 8 million Visa, MasterCard, American Express, and Discover credit card numbers. Then, in March, the University of Texas had to inform more than 55,000 of its students and faculty that a hacker had got hold of their personal information, including social security numbers, names, addresses, and email addresses.
These are just a few of the security breaches that have actually been reported. Most are not.
There's a new class of storage encryption appliances that are designed to ward off nightmare scenarios like those described above. As the vendors in this emerging space are quick to point out, if the institutions whose data was compromised had encrypted the information resting on their disks and servers, they would not have had to worry about it being stolen.