Combatting increasing storage costs for end-to-end encryption
6 July 2018
Eran Brown, CTO, EMEA, INFINIDAT
Today there are two key data security industry trends:
- Stronger global regulatory requirements from authorities.
- Increasing sophistication levels by malicious hackers.
Protecting personal data that an organisation holds requires a comprehensive approach rather than just perimeter defence. This should be secure by design, protect against internal threats from employees unintentionally complicit in a data breach, and align with data security priorities now and in the future.
Worryingly, even some of the most security-savvy firms are focusing their encryption efforts in the wrong place.
End-to-end encryption (E2EE): the silver bullet?
Encryption of data can occur at many levels throughout the datacentre stack, from inside the storage array to the application itself. Encryption must be applied further up the stack to protect information in all layers, including in transit over the network, so it is immune to a data breach and the consequences of such events (see GDPR Article 34, Paragraph 3, as an example). CIOs who don’t adopt this updated gold standard to protect customer data will undoubtedly be asked after a data breach why they haven't.
The collision with modern data storage
While implementing encryption at the application level is an emerging critical requirement to combat security threats, it can present a huge problem in the face of the realities of modern data storage. The use of All-Flash Arrays (AFAs) in the datacentre and their dependency on data reduction is colliding head-on with the ability to implement E2EE where it is needed most. E2EE disables the AFAs' ability to reduce cost, preventing organisations from achieving cost efficiency while protecting their customers’ private data.
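The collision described above can be measured directly. The following added example (not part of the original article or any vendor's code) models an array's data reduction as 4 KiB block deduplication plus zlib compression, then compares a constructed plaintext volume with the same volume encrypted above the array. The block size, the sample data, the key and the SHAKE-256 keystream cipher standing in for AES are assumptions chosen so it runs on the Python standard library.

```python
import hashlib
import zlib

BLOCK = 4096  # assumed dedup/compression granularity of the array


def stand_in_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with a SHAKE-256 keystream: a stdlib stand-in for AES-CTR/GCM,
    used only to produce ciphertext-like bytes; not a vetted cipher."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    mixed = int.from_bytes(data, "big") ^ int.from_bytes(stream, "big")
    return mixed.to_bytes(len(data), "big")


def encrypt_above_array(volume: bytes, key: bytes) -> bytes:
    """Encrypt each block with its own nonce, as an application or database
    would before the write reaches storage. Nonce and tag storage is
    omitted; including it would only worsen the encrypted case."""
    out = []
    for index, off in enumerate(range(0, len(volume), BLOCK)):
        nonce = index.to_bytes(12, "big")  # unique per block write
        out.append(stand_in_encrypt(key, nonce, volume[off:off + BLOCK]))
    return b"".join(out)


def stored_bytes(volume: bytes) -> int:
    """Bytes kept after block dedup, then per-block compression."""
    unique = {}
    for off in range(0, len(volume), BLOCK):
        block = volume[off:off + BLOCK]
        unique.setdefault(hashlib.sha256(block).digest(), block)
    # A block that does not shrink is stored uncompressed.
    return sum(min(len(zlib.compress(b)), len(b)) for b in unique.values())


def reduction_ratio(volume: bytes) -> float:
    return len(volume) / stored_bytes(volume)


def sample_volume() -> bytes:
    """Constructed data: 8 distinct text-like blocks, each written 32 times."""
    blocks = []
    for i in range(8):
        row = f"customer={i:04d};status=active;country=GB;".encode()
        blocks.append((row * (BLOCK // len(row) + 1))[:BLOCK])
    return b"".join(blocks * 32)


if __name__ == "__main__":
    plain = sample_volume()
    cipher = encrypt_above_array(plain, b"\x01" * 32)  # constructed key
    print(f"plaintext written to array : {reduction_ratio(plain):8.1f}:1")
    print(f"encrypted above the array  : {reduction_ratio(cipher):8.1f}:1")
```

Every encrypted block is unique and incompressible, so the array stores it at full size; the ratio for the constructed plaintext is large only because that sample is highly repetitive.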
In direct contrast to media-defined AFAs, storage solutions that adopt a unique software-defined approach, such as INFINIDAT’s award-winning Infinibox solution, create the foundation needed to achieve the level of data security required by today’s regulatory environments and tomorrow’s cyber-threats.
Hello, and welcome to Business Reporter's "Data Economy" campaign. I'm Alastair Greener.
Organisations are generating more data than ever, and storage budgets are at record levels. IDC leading analysts have predicted a tenfold growth over the next decade. Customers are looking for new ways of growing their businesses and going through digital transformation, without spending all their budget on storage. To tell us more, I'm joined by Eran Brown, from Infinidat. Good morning.
Is storage about to become a commodity?
I think storage management is definitely becoming a commodity, through standardisation of management tools and APIs. However, storage cost is actually at an interesting point-- where for the first time in many years, due to some hidden limitations of existing solutions, we're going to see a price increase.
But we hear about storage media getting less costly, getting cheaper. So why are storage prices going up?
There is an external force that we have to understand here. And that is, regulation. We have data privacy regulation around the world, with GDPR in Europe being the most prominent example. But we're seeing similar regulations coming to the US. And already some existing regulations-- like NYDFS, for example.
All these regulations have a common thread. And that is, you look at all personal data, all sensitive data, and you have to encrypt it. And it's the encryption part that's going to cause storage price to increase.
And what is it about the encryption that causes that price increase?
So let's break it down. There is encryption at rest, which is when you're encrypting the data as it is stored. And there is encryption in flight, which means data stays encrypted as it traverses the network, goes through the application, et cetera. And that is the one that we have to pay attention to.
Because all the regulators are saying, you have to do both. And if you're moving encryption up the stack-- so from the storage to the database or hypervisor-- even best scenario is the application. You're losing the ability to do what's called data reduction, which is deduplication, compression-- techniques that a lot of solutions in the market today rely on to keep their storage cost down. And it's those capabilities that will be affected, as we change to end-to-end data encryption.
And is this problem the same for customers, whether they are using on premises versus the cloud as a solution?
Not really. Both will be affected. Because again, encrypted data cannot be duplicated and cannot be compressed, whether you're on premises or in the cloud.
However, there is an interesting side effect to encrypting data while still on premise. And that is that customers are very wary about data security as they transition to the cloud. Well, if my data is already encrypted on premises, I cannot securely berth into the cloud, or even transition completely to the cloud, because I'm no longer afraid of a data breach.
The worst case scenario for me is that somebody steals my encrypted data. Which even the regulators, by the way, do not treat as a data breach. So I'm protected as I go into the cloud, as a side effect of better protection on premises.
With these costs rising at such a high rate, and the implications being so great, what can organisations do to control those storage costs?
So there are three separate areas you have to look at. Compute. Which, we have to remember, encryption is a compute-intensive process. So it's all about choosing the right hardware. If you buy a CPU today that is not accelerating encryption operation, that CPU will see higher utilisation as a result, wasting compute power. So that's the first place.
Second place is the application. And I'm talking mostly about applications you develop in-house as a company. If your developers are not writing their code with encryption in mind, they're not leveraging those CPUs properly. And again, they will consume more compute power, and waste money as a result.
The last one is the storage layer, where the biggest impact will be felt. Like we say, anything between three times to five times more expensive. And there it's all about, how do you choose a storage solution today, that as I start encrypting my data more and more will not see that three to five times increase in cost?
Tell me more about Infinidat, and where you fit into all of this.
If you think about it, customers have been asking for the same three things for years now. We need more capacity-- because we're keeping more data, we're doing more innovative things with it. To process that, we need more performance, so we need that from the storage as well. And we need all of that to fit into a smaller budget, because storage is already the top line item of the IT department.
Well, if you think about it, one of the more common solutions in the market today is all flash storage-- which solves the performance problem, but aggravates the cost problem. What we do is treat these three problems-- capacity, cost, and performance-- as a software engineering problem. We made it into a software problem. And as a result, we solve it with commodity hardware, without relying on all flash. Which allows us to really disrupt the pricing that customers see in the market, but also not suffer from that same limitation of three to five times increase in cost as you adopt end-to-end protection.
Now you say that, but there are going to be people out there who say, well, you know what, we're using all flash. We're happy with its performance. And we're not actually convinced about trying a different solution. What would you say to them?
It's important to remember that flash is one way of providing performance. There are others, and we offer one of them. But flash is not cost effective. That's where we come in. Talk to our customers. They're the biggest proof point there is.
And I'll give you an example of an online retailer, who for the first time, in the last Black Friday, was able to support the needs of the business-- for higher throughput for customer processing orders, to be able to grow the business for the first time. And at the same time, instead of going for an all flash solution that would have inflated costs, they went for an InfiniBox. Which reduced their cost, which frees money for the things the business needs-- the innovation.
You look outside of the retailer market-- you look at financial customers, you look at cloud customers, telecom-- we're practically in any vertical now. And for all of them, we do the exact same thing.
You look at an IT budget today-- 70% of that is what we call keep-the-lights-on budget, just to preserve what you already have. The top line item there is storage. You want to free up money for innovation. You take your biggest line item, and you look for savings there. That's storage. That's what we bring-- that disruption that enables new types of business.
It's really interesting to see how you've talked about potential solutions. But if you wanted customers and cloud providers to take away three main things in this interview, what would they be?
We look at 2017, and we see over a billion user credentials being stolen. That's just in 2017, and the trend is a growing one. So we have to understand that the data security threat is no longer outside the firewall, if my user credentials have been stolen. It's already an internal threat. Which is why all these regulators are telling us to go for end-to-end data encryption.
So now the result is that we have to look at the compute, application and storage layers. And ask, when I choose a piece of that infrastructure today, is it, a, reducing my costs and allowing to do more innovation? Or b, creating a ticking time bomb, that will inflate my costs over time? That's all there is to it. Look for the solutions for those three layers that will enable the end-to-end data encryption, by saving money and not wasting money.
And any organisation is going to want to save money, and hopefully avoid some of these massively escalating costs when it comes to storage. And it's interesting to see the different ways around it, and the solutions that are actually available.
It's been really great to find out more. Eran Brown, from Infinidat, thank you very much indeed.