In-flight data encryption is another emerging security mechanism, often deployed as an important last line of defense. Some enterprises have deployed carrier-class WDM platforms in tandem with recently released SAN VPN appliances that perform native SAN encryption via 3DES or AES (Data or Advanced Encryption Standard, respectively) at wire speed. A process similar to IPSec Tunnel Mode, this function encapsulates and encrypts an entire Fibre Channel frame as it enters or leaves the SAN. Conversion to IP is not required, so the process does not add latency delay for sophisticated, real-time SAN applications such as 1Gbit/s and 2Gbit/s Fibre Channel or Fiber Connection. This is critical because the challenge is to improve security without reducing the performance of the services carried across the SAN. The enterprise must be able to meet regulatory requirements and alleviate data-privacy concerns without imposing adverse operational impact on its SAN applications.
Though there have been several high-profile incidents of information theft over the last few years, most breaches have gone unreported. Regulatory trends suggest that enterprises in more and more industries will no longer be allowed to remain silent about compromises to their information assets. While healthcare, financial services, manufacturing and government entities have been the most eager adopters of multi-layered SAN security strategies, there is activity in other industries, such as airlines, pharmaceuticals, life sciences and education.
It is important to do all that can be done to shore up protection, because the risks of sitting still are considerable. Beyond inviting sometimes-stiff government penalties, an enterprise stands to severely damage customer confidence and loyalty if its infrastructure is shown to be vulnerable to data theft.
As the nature of security threats has evolved and matured, so have the security capabilities available for optical networks. Enterprises today are adopting increasingly sophisticated, multi-faceted SAN security strategies to keep in compliance with data-protection regulations and keep out of tomorrow’s negative headlines.