Market Analysis: Storage Security: Page 2 of 11

Fact is, there's no single solution. Generally, data still comes to the host unencrypted--even products that encrypt and decrypt right on the host or database server must hold unencrypted data in memory. And access control at the host, application, database and SAN levels can only mitigate risk.

So what does good-enough storage security look like? Compliance requirements are growing in every field, but if your enterprise works with the federal government, is a financial institution, hospital or credit-card issuer, or maintains a presence in California, you could be under the gun. For example, you may be required to produce records of what access rights were changed, when they were changed and who changed them. You may also need to prove you took steps to limit access and protect data if a breach does occur.

The following questions will help you get to the heart of storage security--what you are trying to protect, and at what points in the architecture.

• Do you need encryption, or just access control? If you encrypt data on the SAN, must you encrypt it across the entire SAN? If the decryption is performed off-host, can your network handle the additional traffic? If the decryption is performed on-host, are you willing to touch each server that must act as a host for encrypted data to install either client software or a decryption accelerator card?

Different products decrypt at different locations, with most of them passing data unencrypted from the switch to the host. Only 11 percent of readers surveyed don't use encryption, saying it's not worth the bandwidth; 32 percent prefer to encrypt on the host. Encryption on the host is CPU-intensive unless you have dedicated encryption processor cards in each host. Encryption on the SAN, be it on the switch or on an appliance, puts unencrypted data on the SAN when it's passed to and from the encryption engine.