Most networked storage vendors have shied away from building encryption into their products. Vendors of NAS devices have tended to rely on the server operating system for many security functions, and SAN infrastructure vendors such as Cisco, EMC, and McData say they're concerned that encryption would reduce SAN performance and, in the long run, prove difficult for enterprise customers to manage.
With major vendors remaining on the encryption sidelines, a group of small vendors, many of them startups, have entered the market, offering appliances that either attach to a Fibre Channel SAN switch or, in the case of IP-storage, sit on a LAN between servers and storage devices. These appliances have a few things in common: They generally capture data on its way to networked storage devices and encrypt it using either the 256-bit data Advanced Encryption Standard (AES) or 192-bit Triple DES, allowing data to be encrypted as it sits at rest on networked storage devices. Most also offer clustering for business-continuity and management software, including key management.
Beyond those similarities, however, the encryption appliances from vendors such as Decru, Ingrian, Kasten Chase Applied Research, NeoScale Systems, and Vormetric incorporate some significantly different approaches to storage encryption. Those differences will require enterprises to make choices about where and how storage should be encrypted.
Some encryption appliances--including Decru's DataFort product and NeoScale's CryptoStor product--are hardware-enabled appliances that don't require hardware or software agents running on servers or switches. The hardware-only approach, these vendors say, lets their appliances operate at near-line speeds. NeoScale, for example, says CryptoStor can keep up with a gigabit data path with less than 100 microseconds of latency.
Other encryption appliances such as Kasten Chase's Assurancy SecureData products and Vormetric's CoreGuard products require hardware or software agents running on servers, in addition to the hardware appliance. While this approach generally involves a performance hit--Kasten Chase estimates 10% overall--it can be more scalable.
