File Security Gets All Cryptic

Vendors target file-level encryption and key management in an attempt to lock down users' data

James Rogers, Contributor

June 5, 2006

4 Min Read

Storage security vendors looked to boost encryption today as both Decru and PGP are unveiling new technologies designed to tackle file-level security.

This morning PGP takes the wraps off its new NetShare software, which extends the firm's 128-bit encryption from instant messaging and email to file servers. "Virtually every big customer that we speak to is asking for this," explains Andrew Krcik, the vendor's vice president of marketing. "You have thousands and thousands of people accessing tens of thousands of files on file servers."

The software, which sits on top of client devices, such as laptops and desktops, can work with all types of local and network storage devices, including Windows servers, NAS devices, and SAN boxes, according to PGP.

NetShare, priced at $149 per user, will be available in the fourth quarter of this year. PGP execs, however, tell Dark Reading that the vendor has volume discounts that apply to "most enterprises."

Decru is also making a move into the file security space this morning, revealing a partnership with content management specialist FileNet. The two firms have embarked on a reference selling initiative centered on FileNet's P8 software and Decru's DataFort encryption device.

By linking FileNet's software and DataFort hardware, Kevin Brown, Decru's vice president of marketing, says his firm can tighten its file encryption story. "FileNet lets us encrypt per [individual] file," he says, as opposed to previously, when Decru would target, for example, entire Windows drives. "With FileNet, we can drill down into each of the specific drives."

The list price for Decru's DataFort devices starts at $15,000, although FileNet would not reveal its P8 list price.

The major difference between Decru and PGP is that the latter takes a largely software-based approach to encryption, whereas Decru opts for a hardware-based strategy, centered on the DataFort devices. Both approaches have their pluses and minuses. "Hardware encryption can be faster, more powerful, and more secure, but it can be more costly," says Dan Tanner, a member of the Storage Networking User Group of New England (SNUGNE) and founder of consulting firm ProgresSmart.

For some users, however, those plus-points are critical. Directory services provider Qsent, for example, shifted from software-based encryption to hardware from NeoScale. (See Records Firm Not Risking Tape.)

Tanner acknowledges that file-level encryption is important, although he warns that users need not go crazy with the technology. "There's only certain types of files that ought to be encrypted in transit, others should be encrypted at rest." Encryption, he adds, can impair application performance, the ability to compress files, and the overall cost of doing business.

These sentiments were echoed by Robert Amatruda, research manager at IDC. "At the end of the day, not all data is created equally," he says, adding that encryption is most appropriate for highly critical data, such as financial filings and personnel data.

Jon Oltsik, senior analyst at the Enterprise Strategy Group, says that it is hard to pick a clear front-runner in the storage encryption space, with PGP and Decru vying with the likes of NeoScale. "Right now, it's anyone's game," he says. "It's too early to tell who has the advantage at this time."

Certainly, the encryption market is still maturing, as demonstrated last week by the demise of publicly traded vendor Kasten Chase, which ceased operations after months of financial difficulty. (See End of the Road for Kasten Chase, Kasten Chase Goes Under, and Kasten Chase Reports Financials.)

Decru also unveils its new 2U Lifetime Key Management appliance today, which the vendor says can support over 100 DataFort devices and manage more than 100 million keys. IDC's Amatruda says this type of technology is critical to users. "The real crux of the issue around encryption is key management and being able to manage the keys over a long period of time," he says.

Encryption specialists, however, are not the only security vendors unveiling new technology today. Startup Imperva, for example, is taking the wraps off its one-rack-unit-high SecureSphere Database Monitoring Gateway, which examines network traffic accessing database servers.

Unlike the startup's existing Database Security Gateway, which also contains IPS features, the monitoring gateway is aimed squarely at the auditing market. The new device, priced at $35,000, is also $10,000 cheaper than the security gateway. It will be available on June 19.

Another security vendor, iPolicy Networks, also fills out its product line today, with the launch of its 6410 device, containing URL filtering, content protection, and anti-virus and IDS technology. The 2U-high 6410 is priced at $60,000 and available immediately.

— James Rogers, Senior Editor, Byte and Switch. Special to Dark Reading

Organizations mentioned in this article:

About the Author(s)

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights