Security and storage synergies continue

What does 2006 hold for storage security? One observer predicts the industry will go beyond familiar encryption to new areas like role-based access control and key management.

Call me the "Chicken Little" of storage security. Two years ago I was one lonely guy hassling IT managers and large storage vendors about the lack of security in the storage infrastructure. The security-challenged storage mainstream thought I was crazy.

As 2005 comes to a close, my ranting looks more sagacious than idiotic (author's note: does that make me an idiot savant?). In this year alone, NetApp bought Decru, EMC made security a part of its overall corporate strategy, and Hitachi Data Systems declared that its storage systems are "compliance ready".

Not to be outdone by these storage gorillas, Atempo, Nexsan, Maxxan, SpectraLogic, and Quantum all added cryptographic capabilities to their storage offerings.

What's next? Enterprise Strategy Group believes that by the end of 2006, security will simply be baked into nearly every storage technology. This will take storage security beyond familiar encryption to new areas like role-based access control, strong authentication, and key management. By the end of the year, storage folks will have a whole new set of acronyms and security knowledge.

Next year will also have a bizarro world quality--not only will security move into the storage realm but storage will move into the security domain. Why? Large organisations are now collecting, storing, and analysing mountains of security data for trend analysis and compliance purposes. This requires a new type of security management engine that is more OLAP (Online Analytical Processing) than OPTP. On the back-end, terabytes of storage logs needs the horsepower and functionality of enterprise-class storage systems instead of local server disks. The recent SenSage/EMC Centera announcement was a sign of things to come.

Does this mean that 2006 will ring in the dawn of storage security Aquarius? Nope. We security folks are far too cynical to go that far. These trends are a good start but between user apathy and ever-nastier attack vectors, 2006 will be quite ugly.

Jon Oltsik is a senior analyst at the Enterprise Strategy Group.