Enterprises are achieving the high degree of security they require by employing layer defense. Physical, access and zoning controls form an important foundation. Additional mechanisms must be utilized to achieve truly secure SAN extension for real-time storage applications.
Physical-layer intrusion detection, for example, is emerging as an important capability. Some WDM-enabled optical networking platforms can be programmed to take various immediate, automated actions per level of signal degradation. An inherent ability to shut down service to one data center, for example, without the delay of human intervention has proven to be a powerful tool for mitigating the damage of breaches – especially in industries such as finance where an enterprise’s infrastructure might be processing thousands of transactions per second.
In-flight data encryption is another emerging security mechanism, often deployed as an important last line of defense. Some enterprises have deployed carrier-class WDM platforms in tandem with recently released SAN VPN appliances that perform native SAN encryption via 3DES or AES (Data or Advanced Encryption Standard, respectively) at wire speed. A process similar to IPSec Tunnel Mode, this function encapsulates and encrypts an entire Fibre Channel frame as it enters or leaves the SAN. Conversion to IP is not required, so the process does not add latency delay for sophisticated, real-time SAN applications such as 1Gbit/s and 2Gbit/s Fibre Channel or Fiber Connection. This is critical because the challenge is to improve security without reducing the performance of the services carried across the SAN. The enterprise must be able to meet regulatory requirements and alleviate data-privacy concerns without imposing adverse operational impact on its SAN applications.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.