The Security Problems with Multi-Vendor Data Storage
One of the most common data center trends is storage system sprawl. In today’s data center, every environment or workload has a unique storage architecture. While dispersed storage does allow IT to target features and performance attributes at each workload, the practice complicates creating a successful data security plan.
If an organization wants to deploy security functions, like encryption, into a multi-vendor storage design, IT has to manually deploy and manage them on each system. Each storage system may require different encryption software. If the IT planner wants to move beyond encryption, for example by using data monitoring or auditing software, they need to add still more to the architecture, further increasing costs.
In addition to cost and complexity issues, there is also the concern that these efforts are after the fact. The primary storage system is already running and in many cases has been running unprotected for years. The aftermarket “bolt on” approach means moving existing data into the new encrypted volume or scanning through the current volume and encrypting that data. The moving or scanning process takes a long time and has a high potential for error.
The users and applications have also been running without encryption and auditing enabled, and security measures enabled after the fact may noticeably impact performance. The storage system and encryption software were not designed to work together and lack integration. Users also experienced a certain level of performance before IT activated encryption, and they became accustomed to more performance than they needed. Had encryption been in effect from day one, they would never have noticed the difference.
Lastly, with a multi-vendor data strategy, there is no centralized security reporting. While there are software applications that provide a global dashboard of storage resources like capacity and performance utilization, none integrates security status into the dashboard. This leaves IT having to inspect each storage system manually to ensure that the security software running on it is meeting required security service levels.
Storage Consolidation as the Foundation to Data Security
Storage consolidation is a foundational element in providing data security. If the organization can eliminate its multitude of storage silos, then it immediately simplifies the process of applying a broad-based data security strategy. Since each storage silo is a potential gap in security, a single consolidated system closes that gap. The consolidated storage system would have to go beyond primary storage consolidation to include backup storage as well as archive storage.
The most obvious question is “is it even possible to consolidate down to a single system?” From a hardware perspective, it is. Storage systems today can easily incorporate a mixture of flash and hard disk drives to support a broad range of use cases. From a software perspective, most storage software solutions come close but don’t quite reach the full potential required for consolidation.
A Consolidated Storage Environment, Not a System
The first mistake that storage consolidation vendors make is that they try to consolidate down to a single piece of hardware, which leaves them exposed to the limitations of that hardware. For example, while many storage systems can move data between flash and hard disk tiers, they can’t move data to other storage systems or the cloud. Another example is data protection. Data protection has to be more than same-system snapshots. While snapshots are a good start, to be genuinely safe, data needs to be stored on another system that is off-site or in the cloud.
Instead, vendors need to take an environmental approach so they can manage other storage hardware outside of the primary system, like secondary storage and cloud storage. An environmental approach enables tiering of data and protection of data to less expensive and off-site storage hardware, all controlled by the same software.
Secure from Day One
A consolidated storage environment needs to come with integrated data security features like encryption and auditing. The security features should be in-line and always on, so their use is consistent. Integrating data security into the storage software shouldn’t impact performance the way an aftermarket encryption product does, nor should the user ever notice a difference, since there is no pre-encrypted state with which to compare.
The next blog discusses integrating data protection into the consolidated storage environment in more detail. Integrating it not only reduces the complexity and cost of data protection but also creates a more secure environment by reducing the need for super-user accounts and additional storage silos.