Constructing Secure Storage Area Networks
by Todd Bundy - Director of Business Development and Alliances, ADVA Optical Networking - Wednesday, 13 September 2006.
Physical-layer intrusion detection, for example, is emerging as an important capability. Some WDM-enabled optical networking platforms can be programmed to take various immediate, automated actions per level of signal degradation. An inherent ability to shut down service to one data center, for example, without the delay of human intervention has proven to be a powerful tool for mitigating the damage of breaches – especially in industries such as finance where an enterprise’s infrastructure might be processing thousands of transactions per second.
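
As an added illustration (not code from the article or from any vendor platform), the sketch below shows how graded actions per level of signal degradation could be expressed as a policy over optical receive-power readings. The dB thresholds, action names, three-sample debounce and latching shutdown are all assumptions made for the example.

```python
from collections import deque

# Assumed tiers: (drop below baseline in dB, action), least to most severe.
# Thresholds and action names are illustrative, not taken from any product.
TIERS = [(0.5, "log_event"), (1.5, "raise_alarm"), (3.0, "shutdown_service")]
ACTIONS = ["none"] + [name for _, name in TIERS]
SUSTAIN = 3  # consecutive degraded samples required before any action fires


class LinkMonitor:
    def __init__(self, baseline_dbm):
        self.baseline_dbm = baseline_dbm      # receive power at commissioning
        self.window = deque(maxlen=SUSTAIN)   # severities of the latest samples
        self.latched = False                  # True once service has been shut down

    def severity(self, rx_dbm):
        """Number of tiers whose threshold the current power drop has crossed."""
        drop = self.baseline_dbm - rx_dbm
        return sum(1 for threshold, _ in TIERS if drop >= threshold)

    def observe(self, rx_dbm):
        """Feed one reading; return the action in force after it."""
        self.window.append(self.severity(rx_dbm))
        if self.latched:
            return "shutdown_service"         # stays down until an operator resets
        if len(self.window) < SUSTAIN:
            return "none"
        # Act only on the level every recent sample reached, so a single
        # transient dip does not trigger an automated response.
        level = min(self.window)
        if ACTIONS[level] == "shutdown_service":
            self.latched = True
        return ACTIONS[level]

    def reset(self):
        """Operator action: clear history and restore automated monitoring."""
        self.window.clear()
        self.latched = False


def replay(baseline_dbm, samples):
    """Run a list of readings through a fresh monitor and collect the actions."""
    monitor = LinkMonitor(baseline_dbm)
    return [monitor.observe(s) for s in samples]


# Constructed readings in dBm: one transient dip, a small sustained loss,
# then a large sustained loss followed by apparent recovery.
SAMPLES = [-3.0, -3.1, -5.0, -3.0, -3.7, -3.8, -3.6, -6.2, -6.4, -6.3, -3.0]

if __name__ == "__main__":
    for reading, action in zip(SAMPLES, replay(-3.0, SAMPLES)):
        print(f"{reading:6.1f} dBm -> {action}")
```

The isolated dip to -5.0 dBm produces no action, while the sustained loss escalates to a shutdown that persists even after the reading returns to baseline.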

In-flight data encryption is another emerging security mechanism, often deployed as an important last line of defense. Some enterprises have deployed carrier-class WDM platforms in tandem with recently released SAN VPN appliances that perform native SAN encryption via 3DES or AES (Triple Data Encryption Standard or Advanced Encryption Standard, respectively) at wire speed. In a process similar to IPSec Tunnel Mode, this function encapsulates and encrypts an entire Fibre Channel frame as it enters or leaves the SAN. Conversion to IP is not required, so the process does not add latency for sophisticated, real-time SAN applications such as 1Gbit/s and 2Gbit/s Fibre Channel or Fibre Connection. This is critical because the challenge is to improve security without reducing the performance of the services carried across the SAN. The enterprise must be able to meet regulatory requirements and alleviate data-privacy concerns without imposing adverse operational impact on its SAN applications.


Though there have been several high-profile incidents of information theft over the last few years, most breaches have gone unreported. Regulatory trends suggest that enterprises in more and more industries will no longer be allowed to remain silent about compromises to their information assets. While healthcare, financial services, manufacturing and government entities have been the most eager adopters of multi-layered SAN security strategies, there is activity in other industries, such as airlines, pharmaceuticals, life sciences and education.

It is important to do all that can be done to shore up protection, because the risks of sitting still are considerable. Beyond inviting sometimes-stiff government penalties, an enterprise stands to severely damage customer confidence and loyalty if its infrastructure is shown to be vulnerable to data theft.

As the nature of security threats has evolved and matured, so have the security capabilities available for optical networks. Enterprises today are adopting increasingly sophisticated, multi-faceted SAN security strategies to keep in compliance with data-protection regulations and keep out of tomorrow’s negative headlines.

