
Is your storage encrypted?

One day, all data--in transit and at rest--will be encrypted. NeoScale says its storage encryption appliance can secure any or all data bound for Fibre Channel-based storage--with no impact on performance.
Written by David Berlind
You're exposing yourself to significant risk as long as the data on your network (data in transit) and in your storage (data at rest) is not encrypted. That's what a paranoid security specialist will tell you.

Is it true? That depends on the sensitivity of your data and on any government regulations that require the data to be encrypted--in the healthcare industry, for example.

But the number of people out there who want to steal, tamper with, or destroy your data is going up, not down. And the chances are growing that you'll be targeted for such an attack either randomly or because the attacker has a political vendetta against the nation in which you're located. I'm fairly convinced that the day will come when all data--in transit and at rest--will be encrypted. It's just a question of clearing some hurdles.

For example, everything from handheld systems to desktops and notebooks to servers may one day be asked to encrypt or decrypt data before it leaves for its final destination, which could be either another system or storage (especially portable storage in mobile devices or removable media).

For client-side devices, getting involved in the encryption food chain probably isn't too much to ask. For the most part, client devices (except for some handhelds and phones) have cycles and storage to spare. (Encrypted data will probably take up more space.) But asking servers (especially application servers) to steal processor cycles away from whatever applications they're running may be too much to ask.

To solve at least part of the problem--the data at rest part--without burdening servers, NeoScale's vice president of marketing Scott Gordon says that, after two years of working in stealth mode, his company is ready to launch a storage encryption appliance that can secure any or all data bound for Fibre Channel-based storage. Gordon says there's nothing quite like NeoScale's CryptoStor FC, an appliance that works at Fibre Channel's wire speed. Other similar wire-speed appliance-like products exist, but most support IPsec and SSL and are tailored to the accelerated encryption of IP traffic across local and wide area networks. For example, CipherOptics, NetScreen Technologies, and Rainbow Technologies offer similar appliances, such as ones that work with Ethernet (making them applicable to storage, but not storage-specific) and can work at wire speeds right up to Gigabit Ethernet.

The data that goes in one side in clear text comes out the other encrypted. The appliance is smart enough to encrypt just the data payload found inside the packets traversing the Fibre Channel and can selectively encrypt data based on user-defined rules such as the source of the data, the destination of the data, block range or SCSI command.

Although I found it hard to believe, Gordon claims that the appliance's wire-speed capability means that applications separated from their Fibre Channel-based storage by a CryptoStor FC should experience no degradation in performance. If that's the case, we could be one step closer to a future where all data at rest is encrypted. Not only could corporations make use of appliances like these to secure data associated with enterprise applications, but storage service and Web hosting providers could offer encryption as a value-added service that promises not to impact performance.

Sitting between a server and its storage isn't the only place a Fibre Channel encryption appliance can be useful. CryptoStor appliances can be placed anywhere in the fabric of a storage area network--including at both ends where there's a need for a virtual private network. Technically speaking, you only need one appliance to make sure the data at rest is encrypted. However, if one end of the VPN is at a remote location (like a redundant facility) and the production facility experiences a physical disaster, having another appliance with the same encryption key at the redundant facility end makes the recovery of that data much faster and easier (especially if it comes off of tapes that were made after the data was encrypted and written to disk). It also guarantees that any data in transit between the two locations is encrypted.

CryptoStor moonlights as a storage firewall. For all the same reasons that desktop and notebook systems can stand to have their own firewalls (even if they're behind a corporate firewall), so too can storage. After all, if internal hackers can't use the client systems to get at the encrypted data, maybe they'll try to hack the storage bus itself. The same user-manageable rules that are used to decide what gets encrypted can also be used to decide what gets through to the storage device. Gordon says that "this basically boils CryptoStor's job for every packet to one of three actions--encrypt it and pass it on, don't encrypt it and still pass it on, or don't let it through at all." Getting all of that on every packet without performance degradation isn't cheap, though. CryptoStor costs $40,000.
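To make the per-packet decision concrete, here is an added Python sketch of a rule engine of the kind described above: each rule matches on source, destination, SCSI command and block range and yields one of the three actions (cipher and pass, pass in the clear, block). This is illustrative code written for this page, not NeoScale's implementation; the port names, the rule set and the choice of opcodes are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, List, Optional, Tuple

class Action(Enum):
    CIPHER = "apply cipher and pass"   # encrypt on WRITE, decrypt on READ
    PASS = "pass in the clear"
    DROP = "block"

@dataclass(frozen=True)
class Frame:
    """Fields the policy inspects; only the data payload would be ciphered."""
    src: str         # initiator port (constructed sample names below)
    dst: str         # target port
    opcode: int      # SCSI opcode, e.g. 0x2A WRITE(10), 0x28 READ(10)
    lba: int = 0     # first logical block address the command touches
    blocks: int = 0  # number of blocks in the command

@dataclass(frozen=True)
class Rule:
    action: Action
    src: Optional[str] = None
    dst: Optional[str] = None
    opcodes: Optional[FrozenSet[int]] = None
    lba_range: Optional[Tuple[int, int]] = None  # inclusive [low, high]

    def matches(self, f: Frame) -> bool:
        if self.src is not None and f.src != self.src:
            return False
        if self.dst is not None and f.dst != self.dst:
            return False
        if self.opcodes is not None and f.opcode not in self.opcodes:
            return False
        if self.lba_range is not None:
            low, high = self.lba_range
            # A command touching any protected block is treated as protected.
            if f.lba > high or f.lba + max(f.blocks, 1) - 1 < low:
                return False
        return True

def decide(rules: List[Rule], frame: Frame, default: Action = Action.DROP) -> Action:
    """First matching rule wins; anything unmatched is blocked (storage firewall)."""
    for rule in rules:
        if rule.matches(frame):
            return rule.action
    return default

DATA_OPS = frozenset({0x28, 0x2A})      # READ(10), WRITE(10): carry user data
CONTROL_OPS = frozenset({0x00, 0x12})   # TEST UNIT READY, INQUIRY: no payload

# Constructed sample policy: one application server, one LUN, encrypted
# primary region, unencrypted scratch region above it, everything else blocked.
RULES = [
    Rule(Action.PASS, src="app-srv", dst="lun-7", opcodes=CONTROL_OPS),
    Rule(Action.CIPHER, src="app-srv", dst="lun-7", opcodes=DATA_OPS, lba_range=(0, 999_999)),
    Rule(Action.PASS, src="app-srv", dst="lun-7", opcodes=DATA_OPS),
]
```

A command that straddles the boundary of the protected range is deliberately matched by the cipher rule, so partially protected blocks never leak in the clear.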

Obviously, there are other applications for wire-speed encryption devices geared towards storage, such as network-attached storage. Gordon says the company decided to focus on Fibre Channel first, but that those other options are coming.

What do you think? How long will it be before everything gets encrypted, from handhelds to storage? Let me know. TalkBack below or write to me at david.berlind@cnet.com.
