Storage CTOs Debate Security

SAN DIEGO -- Storage Networking World -- Executives from leading storage vendors identify data security as a major issue for storage networks, but most conclude there are no quick or easy fixes.

Members on a CTO panel here today agreed they need to address security issues with technologies that provide protection in the form of encryption, authentication, authorization, and identity management. But the work is complicated and standards aren't there yet.

Tom Edsall, SVP of Cisco's data center unit, gave users an ominous warning. "The problem with security is, as a customer, it will make your life more complicated," he said. "We're not doing this to simplify things."

Others agreed that solving the problem of securing data is far more difficult than identifying it. (See Insider: Encryption Means Planning) "A lot of people say, 'Oh my God, we need security,' but they don't know what the answer is," Brocade CTO Dan Crain said. "Even encryption can take different forms. There's not going to be one answer to security. There are many chunks of stuff that will come into play."

Hitachi Data Systems CTO Hu Yoshida says people in storage are trying to catch up to their networking cousins. "Security starts with authentication -- who's talking to each other," he said. "There's also integrity of data, and this could be through encryption. There's a lot of work we need to do in the storage world to be secure, and we're taking our lead from the networking world."Are the vendors just being obtuse or even stubborn, especially in light of standards efforts like the IBM-sponsored Aperi? (See Aperi Appears Amid Questions.) The panel agreed storage products would benefit from open source code, but disagreed on the best way to get there. They debated Aperi, which hasn't received much attention since its announcement last year.

"Aperi faces the same challenges as CIM and SMI-S," maintains ONStor CTO Jonathan Goldick. "Open standards tend to be the least common denominator. Vendors of arrays and switches have to expose everything. It's got to get real, and it's not now."

Yohsida agreed that Aperi is too narrow. In other words, it's too much dominated by IBM with the likes of EMC, Hewlett-Packard, and HDS on the sidelines. "With Aperi, one vendor is providing code," Yoshida said. "I want to see multiple tracks in it."

Still, Chris Stakutis, CTO of IBM Tivoli, argues that Aperi is misunderstood, that it is only the beginning of an open source initiative for storage. "The vision of Aperi is much greater than what's being evidenced in this small experiment in storage software," he said. Stakutis says Aperi is showing the benefits of collaborative engineering.

Cisco's Edsall, whose company is an Aperi member, says a lot more needs to be done in open source. "I don't know if Aperi is the ultimate answer and will win in the end," he said. But we do need open source. We have to do everything we're doing now, and Aperi." (Emphasis added.)The panel also debated which types of storage networks and protocols -- Fibre Channel, iSCSI, SAN, NAS, and so on -- will ultimately win out. They did not reach a conclusion.

Brocade's Crain says the tools that emerge are more important than the protocols. "It's a sport in storage to argue about which protocols will win," he says. "But customers are driven by performance and they want us to make it easier to use. One of our roles is to make it all transparent."

Dave Raffo, Senior Editor, Byte and Switch

Organizations mentioned in this article: