News
1/15/2010
11:11 AM
George Crump
George Crump
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Disposing Of Primary Storage

Every few years you are going to need to replace your enterprise storage system. A challenge that many storage managers face is what to do with the old system. Today you have laws that require you to make sure information is not readable when that storage leaves your walls and you have individuals that want to see what trouble they can dig up by resurrecting old systems.

Every few years you are going to need to replace your enterprise storage system. A challenge that many storage managers face is what to do with the old system. Today you have laws that require you to make sure information is not readable when that storage leaves your walls and you have individuals that want to see what trouble they can dig up by resurrecting old systems.In reality the chances of you being unlucky enough to have thrown your system out or put it on an auction site and then have someone pull usable data from those drives is unlikely. Most administrators will at least format the drives. The problem is formatting the drives may not be enough to meet the laws surrounding public release of private information. The laws may also be getting tougher.

Several states have enacted or are considering legislation that will require you to have data security standards in place, always. Not just disclose when a breech has occurred. Personally, I think this makes a bit more sense. Letting me know that you have lost your data and someone might have it really does not help all that much. Stopping it from happening in the first place, that makes sense.

Data that leaves your building has increasing pressure on it to be encrypted in some way. Tapes are always the first consideration, and I'll save you yet another "tape fell off the back of the truck" story. Primary storage however is often left out of the discussion. It doesn't get transported around like tapes do. Its protected, or should be, by your own internal security measures. What's the fear? At some point you are going to dispose of it for a newer model. No matter how you do that you are putting your data in someone else's hands. Again, formatting is probably not enough. Encryption is needed.

Beyond understanding the need, the resistance to encrypting storage in the past has centered around concerns about performance impact and difficulty of implementation. First there are plenty of choices of how and where to encrypt data. Companies like Brocade, EMC, NetApp and Thales are all offering encryption capabilities either by an add-on appliance, on the storage controller or built right into the storage infrastructure. Drive manufacturers like Seagate and IBM are delivering hard drives on the drive itself. HBA manufacturers like Emulex are delivering encryption at the HBA.

Most of the vendors claim little or no performance loss as a result of encryption. Additionally most of these systems are relatively seamless to install. In some cases it is basically automatic. While there is some complexity around key management vendors are moving toward standardization along this front as well.

Solutions like these make the disposal of storage safer. Once the array is unplugged from the storage infrastructure it is rendered unreadable for all practical means. At least thus far encryption meets the requirements set by the various state laws being enacted. You might as well face it, the requirement to secure customer data is here to stay and the laws that protect the consumer are only going to become more stringent, embracing storage encryption now can save a lot of headaches later.

Track us on Twitter: http://twitter.com/storageswiss

Subscribe to our RSS feed.

George Crump is lead analyst of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. Find Storage Switzerland's disclosure statement here.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3304
Published: 2014-10-30
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.

CVE-2013-7409
Published: 2014-10-30
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.

CVE-2014-3446
Published: 2014-10-30
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.

CVE-2014-3584
Published: 2014-10-30
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

CVE-2014-3623
Published: 2014-10-30
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vect...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.