3 posts tagged “rsa”
Searchstorage have an article up discussing LTO-4. Yes, yes denser media and faster native transfer rates but that doesn't change the tape recovery pain point, it just means you have even more positioning to do on restore if you've been multiplexing your backups.
Captain Obvious says:
Keep operational backups, the stuff you need often, on disk. Any data which lands on tape should immediately be heading out the door to your vault where you hopefully won't have to see it ever again. Or see it for a few years at least. End of lesson.
The new issue LTO-4 brings to the table is that of encryption key management. It seems that everyone has their own take on key management. You can do it in the application, like Symantec have chosen to do with MESO for NetBackup via the embedded CoreGuard technology they've licensed from Vormetric. You can do it with the Key Managers offered by the network device encryption vendors such as Neoscale & Decru. You can even do it in the tape library or at the drive level via various vendor apps. I know IBM uses an app they've developed to generate and revoke keys which they write in an encrypted form directly to the media used by their TS1120 drives.
Now keys are like weeds. You start with one, and before you know it they're springing up all throughout your environment. If you're under some form of mandatory retention of backup & archival data (God forbid I use the big C. No not Cancer, Compliance), you'll end up with who knows how many keys as time moves on. And while employees may come and go, keys will have to endure. Safe, secure and available every second of every day until the value of the information, and the liability involved in its loss, reaches zero. Which may take a day, a week, or a decade depending on the business process issues involved.
While everyone else was focusing on EMC entering the Authentication business or buying encryption technology with its purchase of RSA, I was busy reading up on RSA Key Manager. The time is rapidly approaching where a lot of your Information Infrastructure components, both hardware and software, will require something to manage the key lifecycle.
From creation to rotation to destruction.
Having written and deleted five different entries on five different topics over the weekend I decided to consolidate some of my thoughts in one handy dandy entry.
-RSA's SecurID Appliance
What with my somewhat awkward decision to take that vacation I've been putting off for six years next week, (I'm going to Le Web 3.0 followed by a few nights at Disneyland Paris. A geek's vacation if there ever was one), I've only just unpacked and powered up an RSA SecurID Appliance. Out of the box the product itself looks more like a high-end home entertainment component than a boring old server, right down to the tuning knob and backlit LCD display on the face of the system. Being a Mac user and therefore obsessed with form over function I find this to be a "good thing". More thoughts on the product later this week after I've taken it for a test drive.
Besides, it's good to be told there's a box waiting for you and finding that it's really a box. Not something which has arrived in numerous crates, weighs a few tons when assembled, occupies numerous floor tiles, and costs enough to put everyone's kids through college. ;)
-Symantec buy what's left of Revivio
Revivio was one of the first CDP vendors but one wonders if, glowing obituaries aside, it wasn't the least successful? A price tag of $20M and with only 12 customers it doesn't seem to me like it was a company struck down in its prime.
Symantec had been shopping around for a CDP solution for months, and while they now finally have something which didn't cost them a whole lot, they didn't exactly have a lot of choices after Kashya and XOSoft were bought out by EMC & CA respectively. Come to think of it, XOSoft may have been a bad fit for Symantec due to the amount of overlap with existing Veritas products, and since Revivio requires a Volume Manager to perform its write splitting, Symantec already have a bit of a head start when it comes to integration, but there's nothing there after that. From here to wherever they plan to take it will require a whole lot of new code.
On the topic of CDP in general I've been working with CDP technologies for over a year and the issue I keep on seeing is that they're either badly positioned to customers or customers think CDP is nothing more than a bunch of snapshots taken at regular intervals.
Microsoft's creation of the marketing term near-CDP for their DPM product doesn't help clarify matters either.
CDP is one of those technologies which successfully turns restores which used to take days into hours, hours into minutes, and minutes into seconds. The price you pay for this restore performance gift from god comes in the form of the N+x amount of storage required to journal all the changes made in order to give you that continuous protection. The higher the rate of change the higher the journal storage requirement, but it's high change rate systems which usually are the mission critical ones and therefore require such a granular level of protection along with a rapid restart.
As with any information protection technology it's all about where you put it, and the last place you want to put CDP is everywhere*.
*Everywhere is exactly where you probably should put de-dup. That's a different post.
RSA's Shannon Kellogg has a very interesting post on RFID security & privacy issues. RFID isn't everywhere, it's about two places away from being everywhere, so we need to deal with these things now.
Hopefully we've learned something from the numerous security messes we got ourselves into with the rise of the internet age. The fact the internet became such a massive wealth generator and vibrant trade route when security was never designed into it in the first place is a triumph of the human spirit in the face of billions in fraud, oceans of spam, and an unending march of malware.