The storage security market has been heating up as of late, spurred by high-profile data breaches and growing congressional interest in the issue.
Several vendors have come to market in recent weeks with new security offerings, and this time the vendors aren't just standalone storage security plays like Decru, NeoScale, Vormetric and Kasten Chase.
Here are some of the new storage security offerings, most of which center around data encryption:
- Sun Microsystem's new enterprise class tape drive offerings include encryption, and Iron Mountain has made encryption a priority since April.
- Atempo this week unveiled Time Navigator Security and Compliance Manager, a new storage security solution integrating multiple layers of security technologies to protect in flight and at rest digital information, securing it against eavesdropping, tampering and impersonation.
- Intelligent switch vendor MaXXan Systems has added high speed, data at rest encryption support to its MXV Series of Secure Storage Application Platforms, targeted at enterprise users who need to encrypt data across tape or disk SANs.
- Asigra has added Advanced Encryption Standard (AES) 256-bit encryption to its Televaulting for WAN agentless distributed backup and recovery software for network computing.
NeoScale announced that the U.S. National Institute of Standards and Technology (NIST) has awarded FIPS 140-2 Level 3 Certificate #583 to NeoScale's CryptoStor FC, the first storage security appliance to achieve that certification level, which encompasses the entire system from the physical and logical integrity of individual hardware components to the operating system and system-level functionality such as user access control and key management.
And NetApp this week began pushing its "Uncompromised Security Initiative," pledging to deliver military-grade security solutions for enterprises that require no tradeoffs in speed and availability.
The moves come as Congress prepares to take action on data privacy and as numerous studies show that companies still don't get it.
British storage encryption firm Disuk will release a study next week showing that fewer than a quarter of companies encrypt their backup tapes, little changed from a survey conducted in April. GlassHouse Technologies last week released a survey that found that 54 percent of the more than 300 companies surveyed have no documented procedures for protecting stored data, and 70 percent of executives rated their company's data storage security as fair or poor.
Decru marketing vice president Kevin Brown said most companies don't understand the potential cost of not encrypting data. One big financial firm reported "tens of millions" of dollars in costs "from a couple of lost tapes," he said, and firms that must notify customers of data breaches lose 20% or more of the notified customers. Compared to those costs, a $25,000 encryption appliance seems cheap.
The issue is attracting attention from the broader IT community. Internet privacy group TRUSTe released its own data security guidelines last week.
And Microsoft has come down in favor of a national data privacy law. Last week, as a congressional committee was in the process of approving a data privacy bill, Microsoft general counsel Brad Smith told the Congressional Internet Caucus that Microsoft supports such a bill. Among other provisions, he said the law should "ensure a minimum level of security for personal information in storage and transit. A federal standard should require organizations to take reasonable steps to secure and protect critical data against unauthorized access, use, disclosure modification and loss of personal information."
Brown thinks it's likely that some bill will pass before the 109th Congress adjourns next year. "There are a half-dozen viable bills out there," he said. "We think it's something that's going to happen."
And when it does, storage vendors will be ready.