Brocade Encryption Misses Boat - For Now - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
Commentary
9/25/2008
06:28 PM
Howard Marks
Howard Marks
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Brocade Encryption Misses Boat - For Now

Anyone who's read this blog even occasionally knows that my mantra includes "Encrypt your tapes." At first glance, Brocade's announcement of a 32-port encrypting Fibre Channel switch and 16-port encrypting blade for its DCX directors provides a new option for storage admins looking for high-performance tape encryption. However, as I read the FAQ on Brocade's site I discovered that the initial release only supports encrypting data at rest on disk.

Anyone who's read this blog even occasionally knows that my mantra includes "Encrypt your tapes." At first glance, Brocade's announcement of a 32-port encrypting Fibre Channel switch and 16-port encrypting blade for its DCX directors provides a new option for storage admins looking for high-performance tape encryption. However, as I read the FAQ on Brocade's site I discovered that the initial release only supports encrypting data at rest on disk.It's easy to understand why you'd want to encrypt data on tapes, especially tapes in transit. After all, lost, misplaced, or, heaven forfend, stolen tapes not only expose your valuable data to the vast underworld just looking for SSNs, credit card numbers, and other juicy stuff, but losing even one tape means you, poor slob, need to find out who's personal information was on it. Even worse, your employers will have to go public and spend money on credit report monitoring for your customers even if the crackhead that stole the tapes out of the courier's VAN tossed them in the trash as soon as he figured out that they weren't hockable.

I have a harder time getting my head around the value of encrypting data at rest on disk drives outside the obvious military and highly regulated industries that have to maintain strict and auditable "need to know." If someone is going to break into your data center and steal your disk arrays, they're probably going for the FC switches as well.

Vendors make the argument that PCI and other regulations require network accessible data be protected, and suggest encryption, but if the data is decrypted when it hits the server, it's still available through network attacks.

The one case where disk encryption inside the data center makes perfect sense to me is as a solution to the disk disposal problem. If Seagate expanded the on-drive, full-disk encryption it's selling in the laptop market to 10- and 15K- RPM drives, and array vendors used them, we could just throw drives that fail or are otherwise taken out of service in the trash.

On the other hand, Brocade promises tape compression and encryption, since tape drives can't compress encrypted data, in a future upgrade and it seems to have put together the right pieces supporting 16- or 32-GBs throughput of FIPS 140-2 Level-3 AES encryption, based on a software license, and integrating with NetApp and RSA key management systems. I'd much rather encrypt in the switch than use a standalone Decru/Netapp encryptor.

Brocade's even got an option, available only through NetApp or Brocade's professional services, to read Decru-encrypted data or write so a Decru device can decrypt it with the right keys.

I'm sure I'll get an e-mail from Brocade tomorrow telling me where I missed the boat, but I'm waiting for tape encryption before I can call this a winner.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
Slideshows
10 Cyberattacks on the Rise During the Pandemic
Cynthia Harvey, Freelance Journalist, InformationWeek,  6/24/2020
News
IT Trade Shows Go Virtual: Your 2020 List of Events
Jessica Davis, Senior Editor, Enterprise Apps,  5/29/2020
Commentary
Study: Cloud Migration Gaining Momentum
John Edwards, Technology Journalist & Author,  6/22/2020
Register for InformationWeek Newsletters
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll