Safe SANs urged

A Toronto-based software firm means to bring better security to the storage area network (SAN) space, and it wants customers’ help to do so.

Kasten Chase Applied Research Ltd. in December announced the formation of a Secure Networked Storage Advisory Council – a collective of storage-minded technology vendors and users that will “establish best practices for implementation of secure networked storage solutions,” according to the firm’s statement.

The council ultimately will suggest improvements for Kasten Chase’s Assurency Secure Networked Storage solution – an authentication program meant to guard against SAN intrusions.

Kasten Chase will seek advice from those who manage complex SANs, said Hari Venkatacharya, the company’s senior vice-president of secure networked storage.

“We wanted something broad-based, including vendor partners as well as customers, to get feedback of the evolving architecture and implementation of our product,” he said, describing the advisory group’s mandate. “We’ve seen a number of councils come forward, but we haven’t seen a lot of representation from end-customers there.”

Still, as of press time, few of the company’s customers had signed on to Kasten Chase’s council. Venkatacharya said these are early days and it will only be a matter of time before users join up.

SAN security is a bigger issue than some might think, Venkatacharya said. Although networked storage does not represent the “low-hanging fruit” that intruders generally chase, it is perhaps a more fulfilling find.

“My concern is, as you have more and more critical and sensitive information stored in these data farms, it’s simply a time bomb waiting to explode,” Venkatacharya said.

Kevin Mann, SAN product specialist with StorageTek Canada, echoed that sentiment, pointing out that as companies deploy multifaceted disaster recovery schemes, data becomes more vulnerable.

“Now customers are looking to replication techniques – I’ll have [data] here and I’ll have it there. The moment you have it ‘and there’ it’s now travelling a public link and it’s exposed.

“That’s your most critical asset, your data. What happens if it falls into the wrong hands? You’re compromising your customers; you could lose your intellectual property. That could put you out of business.”

Meanwhile, today’s security measures cannot keep up with increasingly distributed and vulnerable SAN architecture, said Venkatacharya.

For example, status-quo sentries like zoning and LUN masking allow “spoofing”, where, for example, a malicious tech maven could attach to the network an unauthorized device and make the network think the device belongs. Thereafter, the intruder could direct sensitive information to that device, collect the data and use it for some nefarious purpose.

Venkatacharya said Kasten Chase has an answer in its Assurency solution.

“If you…authenticate all HBAs (host bus adapters) to the fabric individually, you’re not going to be able to mimic the HBA and gain access to the information,” he said, explaining that the program authenticates individual network elements and thwarts intruders.

Soliciting user input to improve Assurency is a smart move on Kasten Chase’s part, said Mike Alvarado, chairman of another storage security-minded group, the Storage Security Industry Forum (SSIF), which was formed from the Storage Networking Industry Association (SNIA) in July 2002.

“There are a few perspectives that end users are going to bring,” Alvarado said. “If they’re using the vendor’s product, it’s…good for end users to advise vendors where they want improvements.”

User input informs the standards space as well, he said. The SSIF, which mulls over cross-platform protection protocols, also has a user contingent.

But Alvarado said his group keeps a “necessary distance” between users and vendors. The users’ section members do not hold vendor seats on other SNIA orgs, for example.

“The end user has to know there’s no commercial transaction on the table,” he said.

Kasten Chase invites users to sit at the table alongside company reps from FalconStor Canada, Hitachi Data Systems Canada and StorageTek Canada, among others.

StorageTek’s Mann believes users should seize the opportunity Kasten Chase is offering them.

“Having the outside, real user community involved is going to help keep it flying straight,” he said. “It’d be in the user community’s best interest to come in and make sure it’s not drifting off.”

To learn more about the Secure Networked Storage Advisory Council, see Kasten Chase’s Web site,