Does Flash Storage Offer Data Security?

Topics in this article

The economics of flash storage continues to improve, spurring more mainstream adoption. As prices drop and become affordable for more enterprises, flash technology meets two of the three objectives every IT department is tasked with: improving performance and lowering the overall cost of storage.

The third and most critical objective is data security. Do flash drives meet that objective as well? Let’s a take a look at the state of the industry.

Historically, transportable USB thumb drives based on flash technology haven’t had the reputation of safety for obvious reasons. These drives can be easily lost or stolen. Without any password protection or physical access control, these consumer level products that most of us IT professionals carry around, are a real security risk. Fortunately, that lack of security is a function of the portable nature of USB flash drives, not the underlying flash technology itself.

Solid state drives, when used as part of a storage array, are no better or worse than traditional spinning media in terms of security. Any physical drive, whether based on SSD or HDD technology, is a security risk unless other methods of protection exist. Many IT data centers have multiple levels of physical security that can protect against physical removal of drives through physical card access to the data center. More recently, added layers of data protection such as drive encryption add further safeguards to protect against data theft beyond removal of the drive itself.

Data security is an independent requirement, and needs to be added at the drive level, or supported in the array. Creating a comprehensive and proactive storage security plan is essential, and includes assessing the risk factors, implementation cost, corporate and federal standards, skill levels, and speed for recovery. Fully understanding the cost of a data breach to the business is of utmost importance. Not only in short-term business costs, but corporate value can also decline due to a reduction in stock value.

The first step to creating a strong security plan is to define roles for those with data access: anyone with physical access to the arrays and drives, and anyone with access to the data itself.  It’s crucial to make this as specific as possible via access control, in order to detect or retrace any security breaches, and fix vulnerabilities.

Next is putting it all in place, starting with a solid foundation at the physical array level including data encryption. When deciding how best to implement encryption into your plan, there are different implementation strategies deployed by vendors. Some vendors use a layer of software encryption, while others utilize the processors built into the drive themselves, referred to as SEDs (self-encrypting drives). The latter approach typically provides better performance for high speed write operations, which is often the rationale for utilizing SSDs rather than HDDs.

Data encryption isn’t an indulgence. When it comes to your company’s data and customers’ privacy, the cost of a data breach far outweighs the implementation cost by a very wide margin.

Another facet of data protection that sometimes goes overlooked is prevention of data loss. When using any storage media, SSD or HDD, protecting your data is critical. With today’s modern storage architectures, there are multiple ways to protect data against physical errors (a drive failure) and human error (the CEO accidently deleted a personal file). Leverage array-based technologies such as snapshots, and longer term archival. These, in combination with data replication, offer layers of protection against the widest range of data loss. When combined with data encryption, your data is protected from the major causes of data loss.

For high growth companies, and those under legal requirements, safeguarding your data is always important. For example, Dell was able to help financial advisory firm Wunderlich manage the challenge of their decade-long 1,000 percent increase in data – data that was largely created by the demands of meeting security compliance requirements of the U.S. Securities & Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) on email and file retention, backup, and data recovery.

With a well-planned data protection environment, the risk of theft of a physical device is greatly reduced. Data encryption, combined with data replication, adds further layers of protection to ensure enterprises of all sizes operate with minimal downtime. While these approaches cannot protect against human error, the leading cause of data loss, a sound backup and recovery plan can restore data quickly with minimal disruption – even if the CEO deletes his or her own personal files. With the rise of flash, enterprises are able to store data faster than ever before, so more and more data is placed on storage arrays. Data protection is more important than ever.

Dell Storage Solutions, powered by Intel® Xeon® processors, offer layers of data protection including encryption, snapshots, data replication and backup software. We also work with our customers to develop new features that adjust to the changing demands of data security and protection. And no matter which data storage challenges are keeping customers up at night — cost, performance, security, or all three — our future-ready flash solutions have addressed these challenges and will put their minds at ease.

Ultrabook, Celeron, Celeron Inside, Core Inside, Intel, Intel Logo, Intel Atom, Intel Atom Inside, Intel Core, Intel Inside, Intel Inside Logo, Intel vPro, Itanium, Itanium Inside, Pentium, Pentium Inside, vPro Inside, Xeon, Xeon Phi, and Xeon Inside are trademarks of Intel Corporation in the U.S. and/or other countries.

About the Author: Bob Fine

Topics in this article