Encryption: Am I missing something?

Today, I came across Deni Connor's blog entry Bush catches onto data security mentioning that Office of Management and Budget issued security guidelines (PDF version). As with everyone else in the media, it seems OMB is also recommending encryption for data-at-rest as a way of securing data.

Six months ago, I also posed a question to Hu Yoshida at HDS (See Waiting for my Marriott Letter) about his comfort level with encrypted versus unencrypted state of lost data. To which, he responded:

My vote would be for encrypted and not lost. But since it is lost, it would make me feel more comfortable if the data were encrypted. (See More Comfortable, encrypted and lost?)

I am sure most IT people have some awareness of technical issues with encrypting data-at-rest like key management and encrypt/decrypt performance, etc. I am not a cryptography expert and my concern is very simple and non-technical:

Can anyone assure me that current encryption level used for data-at-rest will not be cracked in the future?

I prefer immediate feedback instead of delayed gratification so I rather see the impact of my personal data loss immediately instead of five or seven years down the road. At least if my data is compromised tomorrow and proper disclosures were made, I know where and how my data was lost, who is responsible and what corrective actions needed to prevent further misuse.

But if the same data is compromised five years later, I have no information on the source of data that was compromised, recourse and leverage with organizations responsible for it. Most organizations may not even accept legal responsibility claiming that they offered credit monitoring for limited period in return for individual waiving any future claims.

With encryption of data-at-rest, are we trading peace of mind today for getting screwed tomorrow?

With the current disclosure practices and lack of fraud detection methods, I feel that encryption is going to create an underground "futures" market for trading lost data.

Be like G.....

This evening, while reviewing my blog feeds, I came across this interesting statement in Xooglers blog entry Brilliant! Love it! Now, could you change it all around?

Having free-flowing, unregulated communication within a company can be distracting, annoying and damaging to one’s ego, but it lets you know pretty quickly when you’ve stepped across a line you shouldn’t have crossed.

I wish storage companies can encourage such free-flow conversation within their organizations. Most probably, just a wishful thinking. Who in the right mind within storage company management will take such a risk?

Today, I had a great discussion over lunch with a founder of seed stage storage startup in Denver. More about it over weekend from Vancouver.

Only two storage companies on B2 100

The latest issue of Business 2.0 listed their annual ranking of technology businesses with really booming business. Two things stood out on the list:

1. Only two storage companies on the list: Western Digital at #48 and Network Appliance at #98. This was surprising. I expected to see more storage companies considering most market watchers keep harping about the exponential growth in data storage requirements.
2. Sixteen out of 100 companies focused on healthcare market.

#48 Western Digital - Why It's Hot

The No. 2 maker of hard drives (in Dell PCs, TiVo's DVR, and Microsoft Xbox) is gaining market share as rivals Seagate and Maxtor merge.

#98 Network Appliance - Why It's Hot

Increasing demand for data storage boosted server sales by 30 percent in the quarter ending in January, and the share price has since rallied.

From SeaGator - A puzzled vision, "In short term, SeaGator loss will be gain for Western Digital, ...." I am glad to see that I wasn't way off in my analysis of Seagate Maxtor merger.

I don't agree with Business 2.0 reason for why NetApp is hot. In my opinion, credit for NetApp success goes to its sales people who are pounding the pavements like never before. I can't recall any situation recently where NetApp name didn't come up.

I am not surprised to see the booming business being performed by healthcare technology companies. Being personally involved in projects with combined installed storage capacity of 4PB+, in my opinion, healthcare industry is becoming a major consumer of storage. Congratulations to my friends at Merge Healthcare for making the list at #37!

Transition to Seattle

Some of you inquired about my whereabouts after noticing location changes on my blog. And you guessed correctly, I decided to relocate to Seattle from Toronto few months ago. The reasons behind my relocation are wide ranging from personal to professional - cold weather and risk-averse society in Toronto stands out prominently.

Recent essay from Paul Graham (See Why Startups Condense In America) pretty much sums up my thinking and experience about the startup environment in Toronto versus West Coast. As any entrepreneur will tell you, they may have not succeeded this time but they will try again one day and most likely that will be true for me too.

The contact phone number and email address listed at ANDIROG will continue to be the best way to reach me. And if you are in Seattle area or anyplace I am visiting (Hot 99F Denver this week), I will be happy to chat about storage, blogging, startup and anything else over a beer!

Parallel SCSI devices get a new life ...

Earlier this week, I received a message from Maggi Brown at Paralan Corporation mentioning family of Bridges to support parallel SCSI to iSCSI. I don't have any experience with this product. But if it works as proclaimed and reasonably priced, we can dust off our old parallel SCSI storage and tape devices and reuse them again.

As I wrote before (See WinTarget Alternative), I was very impressed with WinTarget that gave users capability to turn any Windows Server with excess internal storage in to an external storage array for other servers that need more storage. I believe this Paralan product falls in to similar category allowing the use of obsolete parallel SCSI external devices without the hassle of bulky cables hanging from the servers. Those cables were at the root of most problems in parallel SCSI world.

One potential application of this device may be with obsolete parallel SCSI disk storage in the area of storing personal non-business data of users.

Most IT practices recommend to discourage users from storing personal music and video files on network drives by active monitoring, notification and deletion of such files. I don't subscribe to such methodologies as I believe in human creativity that will figure out circumventing such measures, sooner or later. Instead, I believe in giving what users want and then managing storage of such data by delivering different levels of user experience through quality of service.

With Paralan bridge, the parallel SCSI storage devices can be installed at a central location. With file migration techniques, these obsolete devices can be used as primary storage for non-essential user data like music and videos.

This is just one of the many applications, I can think of, for this bridge product.