News Stay informed about the latest enterprise technology news and product updates.

Users downplay storage encryption

NetApp forked out $272M for Decru, almost nine times the startup's current revenue. A hefty price tag when many users say it's doubtful they will deploy storage encryption.

Network Appliance Inc. (NetApp) handed over $272 million yesterday for Decru -- almost nine times the company's revenue for this year. It would seem like a lot to pay when many users indicate they are unlikely to deploy storage encryption.

Gary Goerke, information systems manager at Ramco-Gershenson Inc., said he believes the incidents in the press about lost backup tapes are driving knee-jerk reactions to security by the vendors, but he still doesn't think organizations worldwide are going to put this problem at the top of their to-do lists.

Related articles

NetApp locks down Decru for $272M

Vendors combine storage and security

Banks mull data security in wake of missing tapes

Five ways to secure iSCSI

"Stolen backup data is the type of data that we, as citizens, expect to be held in the utmost trust and handled with the utmost care," he said. "It's not a majority of organizations that have data that's that sensitive."

CareGroup Healthcare Systems, affiliated with Beth Israel Deaconess Medical Center, has no plans to start encrypting its tapes or disk storage. "We're looking at getting out of the tape business -- it's not necessarily an ongoing concern for us," said Michael Passe, senior storage engineer at the Center. He's looking at replicating backups over its Fibre Channel SAN to avoid transporting tape. "More and more, we won't need human intervention -- it'll be electronic to get stuff from A to B," he said.

Mike DeVos, vice president of technology services at Security National Bank in Springfield, Ohio, backs up close to 5 terabytes of data a day between an EMC Corp. Clariion and an EqualLogic Inc. iSCSI array. Right now, the bank has the usual perimeter security enforcements but does not encrypt its data at the storage level.

"Encryption would make life more cumbersome for our users if they can't access the data they need," DeVos said. He is looking at auditing software that would call attention to files that are being moved to a different location without authorization. "If a user copied a file to his hard drive, it would raise a red flag."

DeVos added that in a "banking situation you have to have trustworthy employees, and if they're not, you go after them." He said Security National Bank has terminated employees for not following procedure around wire transfers and similar processes. "The bank has to eat the money when these mistakes happen."

Another user in the banking sector, who requested anonymity, said that encrypting backups is valid, but implementing it poses a challenge. "There's concern over recovery via decryption," he said.

Not everyone dismisses tape encryption, however. A recent poll by our sister publication Storage magazine, surveyed readers about their backup tape-encryption practices. As high as 86% said they do not encrypt backup tapes today. More telling perhaps is that 23% plan to begin backup encryption, despite concerns about performance and being able to restore. Many readers noted that regulations and audits were fueling their interest in backup encryption.

Click here for more of today's news.

Dig Deeper on Data backup security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.