The Importance of Consolidation for Secure Storage

The Security Problems with Multi-Vendor Data Storage

One of the most common data center trends is storage system sprawl. In today’s data center, every environment or workload has a unique storage architecture. While dispersed storage does allow IT to target features and performance attributes at each workload, the practice complicates creating a successful data security plan.

If an organization wants to deploy security functions, like encryption, into a multi-vendor storage design, IT has to manually deploy and manage it on each system. Each storage system may require different encryption software. If the IT planner wants to move beyond encryption, like using data monitoring or auditing software, they need to add still more to the architecture, further increasing costs.

Watch On Demand

In addition to cost and complexity issues, there is also the concern that these efforts are after the fact. The primary storage system is already running and in many cases has been running unprotected for years. The aftermarket “bolt on” approach means moving existing data into the new encrypted volume or scanning through the current volume and encrypting that data. The moving or scanning process takes a long time and has a high potential for error.

The users and applications have also been running without encryption and auditing enabled, and the post-facto enabled security measures may noticeably impact performance. The storage system and encryption software were not designed to work together, and lack integration. Users also experienced a certain level of performance before IT activated encryption, and they became accustomed to more performance than they needed. Had encryption been in effect from day one, they would have never noticed the difference.

Lastly, with a multi-vendor data strategy, there is no centralized security reporting. While there are software applications that provide a global dashboard of storage resources like capacity and performance utilization, none integrates security status into the dashboard. This leaves IT with having to inspect each storage system manually, to ensure that the security software running on it is meeting required security service levels.

Storage Consolidation as the Foundation to Data Security

Storage consolidation is a foundational element in providing data security. If the organization can eliminate its multitude of storage silos, then it immediately simplifies the process of applying a broad-based data security strategy. Since each storage silo is a potential gap in security, a single consolidated system closes that gap. The consolidated storage system would have to go beyond just primary storage consolidation to also include backup storage as well as archive storage.

The most obvious question is “is it even possible to consolidate down to a single system?” From a hardware perspective, it is. Storage systems today can easily incorporate a mixture of flash and hard disk drives to support a broad range of use cases. From a software perspective, most storage software solutions come close but don’t quite reach the full potential required for consolidation.

A Consolidated Storage Environment, Not a System

The first mistake that storage consolidation vendors make is that they try to consolidate down to a single piece of hardware, which leaves them exposed to the limitations of that hardware. For example, while many storage systems can move data between flash and hard disk tiers, they can’t move data to other storage systems or the cloud. Another example is data protection. Data protection has to be more than same-system snapshots. While snapshots are a good start, to be genuinely safe, data needs to be stored on another system that is off-site or in the cloud.

Instead, vendors need to take an environmental approach so they can manage other storage hardware outside of the primary system, like secondary storage and cloud storage. An environmental approach enables tiering of data and protection of data to less expensive and off-site storage hardware, all controlled by the same software.

Secure from Day One

A consolidated storage environment needs to come with integrated data security features like encryption and auditing. The security features should be in-line and always on, so its use is consistent. Integrating data security into the storage software shouldn’t impact performance like an encryption aftermarket product nor should the user ever notice a difference since there is no pre-encrypted state with which to compare.

The next blog discusses in more detail, integrating data protection into the consolidated storage environment. Integrating it reduces not only the complexity and cost of data protection but also creates a more secure environment by reducing the need for super-user accounts and additional storage silos.

Watch On Demand

Twelve years ago George Crump founded Storage Switzerland with one simple goal; to educate IT professionals about all aspects of data center storage. He is the primary contributor to Storage Switzerland and is a heavily sought after public speaker. With over 25 years of experience designing storage solutions for data centers across the US, he has seen the birth of such technologies as RAID, NAS and SAN, Virtualization, Cloud and Enterprise Flash. Prior to founding Storage Switzerland he was CTO at one of the nation's largest storage integrators where he was in charge of technology testing, integration and product selection.

Tagged with: , , , , , , ,
Posted in Blog

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 21,955 other followers

Blog Stats
  • 1,348,190 views
%d bloggers like this: