Encrypting Deduplicated Data at Rest

Today, EMC announced a new software option that encrypts data on its Data Domain deduplication storage systems. Some may wonder why in the world data residing on such an appliance needs to be encrypted. After all, it’s hard to imagine a scenario where someone could somehow stash an entire rack mount storage appliance under their coat, walk out of a badge-protected data center, pass a live receptionist and then fire it up at home to begin accessing data. While such a scenario is daunting and impractical, it seems that disk-based backup appliances are being subjected to the same security measures as if they were magnetic tape. You know -the tape cartridge that is small enough to fit into your pocket or that has a tendency to get lost during transportation to offsite storage facilities.

Internal IT pressures via security audits and certain government mandates tend toward blanket statements that suggest backup data of sensitive nature be protected with industry standard encryption techniques. But how can you definitively tell where the sensitive data is and where it’s not? Making the wrong assumption can mean compromised data. The IT viewpoint might be that it’s easier to “just encrypt everything” and be done with it. While there can be trade-offs, encryption of all data at rest helps satisfy IT governance and compliance. It protects the user’s data against theft of the system, loss or theft of the physical storage media (the disks) and eliminates accidental exposure during the replacement of failed drives when returned to the factory. By encrypting data as part of the inline deduplication process, Data Domain systems give customers the ability to deploy encryption to more easily pass security audits without disrupting the benefits of deduplication for their backup and archive data. Check out more about this news here.

SNW Wrap-Up

I've just returned from SNW in Orlando. No one can deny that the show was quieter than previous events. But it appeared as though, those who did drop in took the show seriously, as the sessions were well attended and the exhibit hall was very active. I guess when travel budgets are tight, you had better come back to the office with more than just some chatzkes and a hangover.

Beyond our platinum sponsorship, Data Domain had a lot going on at the show. It was the first time our prospects and customers got a glimpse at 'Get Inline' - highlighting that Data Domain inline deduplication systems are fast, simple and safe. Dr. Hugo Patterson, Data Domain CTO, spoke on Wednesday afternoon about the critical design elements required to make storage perform in a way that general purpose systems were never intended to be used - variable sized segments, instead of fixed blocks, going fast WITHOUT adding spindles and actually processing data content, not just passing it through.

Brad Blake from Boston Medical Center spoke about his Data Domain implementation. This was particularly interesting given that he recently expanded his use of our system beyond backup to address archive challenges, choosing Data Domain and Mimosa NearPoint™ e-mail archiving software over EMC Centera.

As for SNIA-related activity, Data Domain was the theme lead for the first ever deduplication lab in the recurring Hands-On Lab program. We saw about 50 attendees come through the lab to take the Data Domain exercise. The Storage Networking Industry Association Data Management Forum Data Protection Initiative Data Deduplication and Space Reduction - Special Interest Group (yes, the ol' SNIA DMF DPI DDSR-SIG) included a section on dedupe in the 5th edition of the popular DPI Buyer's Guide released at the show. There was also a deduplication tutorial presented by the SNIA education committee. Many more hands were raised compared to last SNW when the audience was asked who was using deduplication. But, you could also see from their questions that new buyers are getting confused by recent market entrants stretching their positioning as they attempt to make themselves relevant in the space. It serves as a good reminder that, as a buyer, you have to keep asking the hard questions of every vendor and making sure that they provide references and documentation to prove to you that their solution is going to work the way they say it will to solve your storage problems.

Back to the Future

I've been spending a lot of time 'talking mainframe' lately. The rumored union of IBM and Sun seems to have stirred the pot on mainframe backup. IT managers that have relied on these companies for data protection want to know what's going to happen to tape silo and VTL products from both companies, some of which were already on their way to end of life or even end of support anyway.

The mainframe discussion is not new for Data Domain - we've had a strong partnership with Luminex for a few years now and are consistently winning business together. We recently published a new case study that highlights how the joint solution can get customers out of mainframe tape backup altogether - in this case retiring a number of expensive IBM tape drives and its VTS infrastructure. It's a good read unless of course you happen to be a tape vendor - perhaps a Dean Koontz novel would be a little less scary.

Observations from Gartner Data Center

Welcome to Dedupe Matters. I am thrilled to have the opportunity to post messages alongside my fellow bloggers on this site. I notice as I write this that 'blog', 'blogging' and 'blogger' aren't even recognized by spell check as real words, yet blogs are quickly becoming an important tool in the way we communicate with each other.

My real job at Data Domain is all about communication, with a broad range of audiences - our sales and technical resources, our channels in every major market in the world, our technology partners and, of course, our global customer base. I am constantly challenged to find new ways to reach these audiences with the right message at the right time. This forum gives me a method to do just that, faster than any data sheet or white paper can be created. And this is the best part -- with real time feedback from you.

So I'll be using my time on Dedupe Matters to discuss my insights on content pulled directly from the sources of information that all of you rely on to get news about storage vendors, technology products and services. We will be talking about the latest product introductions, interesting case studies involving deduplication, best practices for enterprise applications and even observations from industry shows and events.

For instance, I was just in Las Vegas for an industry show for the 6th time this year, this time working the Gartner Data Center Conference. This was one of our best shows in 2008 in terms of reaching key decision makers at large enterprise companies. Sessions featuring Data Domain customers speaking about their implementations of deduplication are always a great draw for those considering the technology, and this show was no exception. Upon returning home, I saw this note from a financial analyst that had attended the show:

"The surprise standout company at the conference was probably Data Domain. Data deduplication ranked number one in the storage session polling for new technologies (w/34 percent acceptance) and the Data Domain booth was heavily trafficked."

In one respect, Data Domain and the value it offers to its customers should be a surprise to no one if I am doing my job right, but it is very gratifying to see that we have made a connection like this with a member of the storage ecosystem.

This makes me wonder -- when was your first connection to Data Domain? What was the message that really got your attention and why? I'd be willing to bet that there are some great stories out there and this would be a fun place to share them if you would like. I think mine is pretty interesting, but I will leave that story for another day.