Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Storage Security Products

Dig Deeper

Read On

Although we're not picking a winner in this review, Cisco's 9216i switch (pictured) impressed us with its broad range of functionality. Granted, it does absolutely nothing to protect hosts, but the 9216i let us handle authorization, access control and encryption from a single platform and was easily the most comprehensive offering we tested. Virtual LANs nicely restricted which devices, and even LUNs (logical unit numbers), could be seen from any given host, meaning that a breach mustn't serve up all your data, just that which the compromised server must see. If compliance is a concern, Cisco's integration with RADIUS provides the ability to maintain access logging.

Although the Cisco 9216i--or any other switches we tested--won't be a fit for installations with other vendors' Fibre Channel infrastructures already in place or that use NAS or iSCSI, we found viable ways to satisfy storage-security needs in nearly any configuration.

Access Control

Access control should be straightforward. And if you simply need to determine who can manage your storage network, then it is. But once you start considering who can see what data, things aren't so clear-cut. The problem lies in the overlap of the storage infrastructure with the users and groups defined in most IT operations. For example, in a database you create users and give them access to the data, so the database-encryption products we looked at did not worry about access control. For file- and block-level encryption products, only an add-on at the client level could allow access control by user. Decru has a good solution to this problem--we could even define which applications had access to a given file or folder.

  • 1