EMC To Resell Storage Security Gear

EMC is beginning to offer storage security, though the data protection
products it will be selling are not purchased or homegrown.

The Hopkinton, Mass., information systems vendor has agreed to resell
storage security products from Decru, NeoScale and CipherOptics as part of
its Select Program, internetnews.com has learned.

The program makes it easier for customers to acquire third-party storage
networking components that are used with EMC gear, said EMC Select Program
General Manager Sean Kinney.

The news comes after a rash of security breaches at information carriers,
such as ChoicePoint, and lost tape cartridges from financial institutions, such as Bank of America and CitiFinancial.

These mini disasters have led corporations to look for new means of
protecting their clients’ sensitive information.

Decru’s and NeoScale’s appliances encrypt data at wire speeds without
choking performance. Both Decru’s and NeoScale’s devices protect data that
rests behind the firewall. CipherOptics protects data in-flight on a
network.

EMC’s embrace of storage security vendors is an interesting twist, though
not a surprising one given that Kinney said he and his team have fielded
customer requests to sell storage security products.

“Security is really a fundamental and rapidly evolving requirement that
permeates the entire IT stack,” Kinney said. “We believe customers will
implement these confidentiality features and appliances as one element of
their security strategy.”

Decru is the most prominent and interesting of the new EMC partners. The
startup is in the process of being acquired
by EMC rival Network Appliance.

Some might balk at the idea of buying gear from a NetApp subsidiary through
EMC. After all, NetApp and EMC have competed fiercely in the
network-attached storage space (NAS).

Forget all that. EMC has been under the gun from analysts and customers to
offer storage security products along with their comprehensive hardware
systems, software and services portfolios. EMC quietly bore the criticisms
and has been working with Decru behind the scenes to get a deal done for the
last two years.

Also, one of the conditions of the acquisition was that Decru would be
operated as a separate business unit, according to Decru Vice President
Kevin Brown.

“What we’re doing is essentially having a Chinese wall that allows us to
work with folks who compete on the storage side,” Brown said. “The fact is
there is no homogeneous storage network. Everything out there is
heterogeneous.”

Decru has some similar agreements with other NetApp rivals, but Brown
stressed that it would not meddle with Decru’s business course as far as
picking up new reseller partners.

“We’re going to have multiple partners,” Brown said. “NetApp will be one of
those, EMC will be one of those, and obviously we’re working with many of
the other large storage and networking firms out there.”

When NetApp moved on Decru last month, it touched off a round of speculation
about whether Decru rivals NeoScale, Vormetric and Kasten Chase might get
picked off by EMC, IBM, HP or Hitachi Data Systems.

Storage analysts say products from Decru, NeoScale and others have been
selling well in the past year, and not just because they are among the best
products in their class.

Combine the data loss dilemmas with new compliance regulations and the
notion of major storage vendors offering encryption products to customers
seems more like an imperative than an option. The encryption devices and
software stop malicious intruders dead in their tracks and helps customers
meet compliance regulations for preserving data.

Congress and state legislators have been getting in on the action.

The Identity Theft Protection Act (S.B. 1408), co-sponsored by Senate
Commerce Committee Chairman Ted Stevens (R-Alaska) and Hawaiian Democrat
Daniel Inouye, requires
companies, government agencies and educational institutions to disclose to
consumers breaches of both encrypted and unencrypted data and imposes fines
of up to $11 million for violators.

California already orders institutions to report data loss or security
breaches if the infrastructure the data sits on is not encrypted. This puts
pressure on banks and other organizations to secure their data better, which
in some cases could lead them to the doors of Decru and the other storage
security vendors.