Nexsan Encrypts CAS

Nexsan Technologies Inc. has launched Assureon, a storage appliance with built-in security for "bulletproof" archiving (see Nexsan Expands Market ).

Assureon is the offspring of Nexsan's acquisition in March 2005 of EverTrust, a supplier with CAS and security technologies (see Nexsan Targets CAS Startup). It is the vendor's first effort to build on its stock-in-trade SATA and ATA storage gear.

Nexsan claims Assureon is the first system to combine content-addressed storage (CAS) with top-line security features, an ILM policy-making interface, and a variety of storage media, including SATA disk, tape, and optical.

Do customers really need it?

Nexsan says yes, pointing to the recent flurry of security breaches as evidence that burgeoning archived data needs to be secured (see A Tale of Lost Tapes and Diskers Enjoying Tape Woes). Assureon features 256-bit AES encryption, access and file authentication, remote key storage, continuous integrity checks, and automatic "cryptoshredding" of keys.Assureon comprises a cluster of server processors, variable amounts of back-end storage, and software, designed for OEM mix-and-match. A starting configuration includes 4 to 42 Tbytes of mirrored storage (or 8 to 84 Tbytes of raw storage), plus four Intel server processors. All this comes in a pedestal unit that can expand to include up to 168 Tbytes of raw storage -- and daisy-chained for massive capacity. The tape and optical connectivity aren't automatically included.

Assureon is among the first CAS archives to support AES encryption. The Centera system from EMC Corp. (NYSE: EMC) doesn't offer integral encryption. And Storage Technology Corp. (StorageTek) (NYSE: STK) offers hashing via SHA-256 in the first release of IntelliStore (see StorageTek Rolls Its Own CAS and EMC Widens CAS Pool).

At least one security vendor, Kasten Chase Applied Research Ltd., also targets CAS with encryption, but that vendor's Assurency SecureData appliance doesn't come with the CAS included. Instead, it works with an attendant card and software for servers. The appliance manages the keys, the card does AES 256 encryption and works with the server's resident CAS application.

Other standalone storage devices, including other wares from Kasten Chase, purport to encrypt both data at rest in archives or in the storage network itself. Decru Inc.

and NeoScale Systems Inc. fit into this segment.

So what is the advantage of standalone or integral CAS encryption? It may come down to convenience and price. Assureon ranges from $12,500 per Tbyte for the base configuration noted above and can go as low as $4,500 per Tbyte for a fully loaded box with 168 Tbytes of raw capacity.In contrast, pricing for standalone appliances like those from Decru and NeoScale ranges from $10,000 to $50,000, give or take. Add that to the cost of a CAS system, and Assureon starts to make more sense.

Unfortunately, that brings up a drawback: Today, Assureon isn't aimed at small businesses, which are especially bent on consolidation of data center and storage gear. A version due out in the first quarter of next year, execs say, has a smaller, more SMB-friendly base configuration. A version with SAS connectivity is also on the roadmap.

Another question mark hangs over Assureon's software-based approach to encryption, which traditionalists may say lacks the performance of hardware-based security. That's where the mix-and-match approach comes in. "You can scale processors to increase throughput," says Brendan Kinkade, Nexsan's VP of marketing.

At least one analyst says Assureon may not be everyone's cup of tea. "It's an additional layer of security... a nice differentiator for a CAS archive," says analyst Brad O'Neill of the Taneja Group consultancy. But he adds that standalone appliances may do more for storage networks.

Another source agrees. "I think we will see encryption point solutions in the near future -- that is, encryption for devices like a CAS system, or a tape drive, or laptop," writes Dianne McAdam of the Data Mobility Group consultancy in an email. "However, longer term, I think the big vendors will develop and deliver encryption systems that will manage the data from the point of origin (such as the server) to the end storage device -- and provide one centralized management view of encrypted data."Mary Jander, Site Editor, Byte and Switch