Security and storage synergies continue

Call me the "Chicken Little" of storage security. Two years ago I was one lonely guy hassling IT managers and large storage vendors about the lack of security in the storage infrastructure. The security-challenged storage mainstream thought I was crazy.

As 2005 comes to a close my ranting looks more sagacious than idiotic (author's note: does that make me an idiot savant?) In this year alone, NetApp bought Decru, EMC made security a part of its overall corporate strategy, and Hitachi Data System declared that its storage systems are "compliance ready." Not to be outdone by the 800 lbs. storage gorillas, Atempo, Nexsan, Maxxan, SpectraLogic, and Quantum all added cryptographic capabilities to their storage offerings.

What's next? ESG believes that by the end of 2006, security will simply be baked into nearly every storage technology. This will take storage security beyond familiar encryption to new areas like role-based access control, strong authentication, and key management. By the end of the year, storage folks will have a whole new set of acronyms and security knowledge.

Next year will also have a bizarro world quality - not only will security move into the storage realm but storage will move into the security domain. Why? Large organizations are now collecting, storing, and analyzing mountains of security data for trend analysis and compliance purposes. This requires a new type of security management engine that is more OLAP than OPTP. On the back-end, terabytes of storage logs needs the horsepower and functionality of enterprise-class storage systems instead of local server disks. The recent SenSage/EMC Centera announcement was a sign of things to come.

Does this mean that 2006 will ring in the dawn of storage security Aquarius? Nope. We security folks are far too cynical to go that far. These trends are a good start but between user apathy and ever-nastier attack vectors, 2006 will be quite ugly. More on that soon.