Around the Storage Block Blog
Find out about all things data storage from Around the Storage Block at HP Communities.

Mobile device security dramatization

P1100604 small.jpgI've been sitting on video of a security dramatization that the Nth Generation Players did at the recent Nth Generation Symposium I attended.  I had talked to Rich Baldwin (founder and former CEO of Nth) who was thrilled that his team had found another way to make an event new and fresh - I've never seen drama used at a tech event but this was done very effectively.  And lucky for me, they did it a second time because the first time I didn't have my Zoom Handy (audio recorded) connected to the sound board.  The video is longer than most I do but interesting in my opinion.

Labels: nth2012| security

Security Cloud Advisor Archie Reed

After VMworld ended, I was lucky enough to be on the same flight from Las Vegas to San Francisco as Archie Reed.  Archie attended many of our Cloud Advisor events including the one that we hosted for bloggers on Tuesday night.  Security isn't in my wheel house so this was great to be able to get some time with Archie and talk about the big picture.  Here's the podcast with Archie: 

NPI Day Part 2

By Calvin Zito 

In my previous post, I talked a little bit about our New Product Introduction (NPI) process and gave some pointers to a number of things that came from the latest NPI.  Here are a few more things to highlight:

  • We announced the HP StorageWorks SAN Virtualization Platform a couple of weeks ago - you can see the product page at   

  • We also had publicly announced updates to the StorageWorks Secure Key Manager at SNW Dallas back in mid-October.  You can learn more about the enhancements at or on the product page

  • We also announced new functionality on our XP24000 and XP20000 Disk Array family.  You can learn about the XP enhancements on the XP Disk Array product page.  Jim Hankins is writing a blog about External Storage Disaster Recovery with details so I won't spoil his fun.  Also new with the XP is support for Solid State Storage Technology.  One of our competitors predicted that we wouldn't have solid state storage technology until 2009.  I think we beat that by a bit.  Now we have solid state for both our BladeSystem and XP disk array with more to come.  No hype, just keeping it real!

  • Utility Ready Storage is an interesting solution that we've offered for a while and I'm guessing will get more interesting for customers with the looming economic situation.  There are some new services with Utility Ready Storage and a very good feature article describing it.  Here's a link to the article: Aligning storage costs and usage with Utility Ready Storage.

I've only touched on some of the NPI enhancements today but hopefully I've given you a small glimpse into what is going on. 

Calvin Zito

Storage Security at SNW

This week is the fall Storage Networking World in Dallas.  At the show, we made an announcement today focused on storage security - a topic growing in importance. 

Threats to storage security are real and can be a significant liability.  Seems as though not a week goes by in the press without another story of some data being lost, stolen or hacked. And there is a cost associated with these type of breaches.  Here's an interesting web-based tool from Tech//404 that calculates the cost of data loss from security breaches and identity theft.  The site also talks about a number of class action suits with class sizes ranging from a quarter of a million people to two million seeking damages in the range of $1,000 to $21,000 per person in the class.  There could be some mind-boggling settlements.

Encryption is relatively easy - managing keys is the challenge.  Multiple key management systems increases complexity and lowers the success of recovery.  We believe that centralized key management trumps a disparate systems approach because it's more efficient and offers better data availability.  Today's announcement has two components:

  • Enhancements to our HP StorageWorks Secure Key Manager - increasing the capacity to 2 million encryption keys per cluster and lowered entry price with a single client/node configuration.

  • Disk encryption for the XP24000 and XP20000 -   encrypts data on disk drives so that data can not be read off a disk drive that is removed without having the key.  Here's a short white paper that talks about the XP disk encryption. 

We have a web page that has a number of white papers, including from a leading analyst firm Enterprise Strategy Group, and other information on today's announcement.  While the announcement today focuses on storage, we have a broader security initiative called HP Secure Advantage Solutions.  We're driving solutions that protect data, protect resources, and provide validation. 

Here's hoping your data is secure and that we have a more secure week in the financial markets.

Labels: security| storage

I've been personally impacted by lost tapes


Hi Folks,

Yesterday I received a letter in the mail at home that started off:

Dear Sir or Madam,

We are writing to let you know that computer tapes containing some of your personal information were lost while being transported to an off-site storage facility by our archive services vendor. While we have no reason to believe that this information has been accessed or used inappropriately, we deeply regret that this incident occurred....

So the first question I have is how does an archive vendor lose tapes? How hard can it be to take the tapes from your customer put them in a secure truck and drive them to the storage facility? Isn't that your whole business model - you will pick up, transport and store these tapes safely and securely 100% of the time?

Now I understand that any activity with humans involved cannot be guaranteed to work 100% of the time. So what really happened? A bit more of an explanation would have been helpful, such as the truck was in an inadvertent accident and the contents of the truck were spilled into a river or all over the highway and could not all be recovered. Without more details I'm left wondering did someone make off with the tapes by accident or on purpose? Or was this just sloppy work by the company?

Anyway, I hope this is a call to action for this company to do at least two things to prevent such an incident in the future.

1. Look into tape encryption such as the LTO-4 offers. I would have been more much pleased if that second sentence read "While the tapes were physically lost, the data they contained cannot be accessed or read by anyone because the data on the tapes is securely encrypted with sophisticated technology requiring encryption keys to make the data readable. Our security policy ensures that these keys are always stored in or transported to physically separate locations from the computer tapes."

2. Consider the use of replication and electronic vaulting for moving data off-site for archiving. With new technologies such as deduplication and low-bandwidth replication, this company would perhaps be able to reduce the amount of data that is stored on tapes and physically transported to archive storage. Again, I don't know the specifics here, but as an example let's say this company had four sites that they were backing up to data to tape and transporting those tapes to off-site archives. With replication and electronic vaulting, they could replicate data from three of their sites to just one site for backup to tapes and then only have to move tapes from the one site to archive storage thereby reducing their risk exposure by 75%.

If you're worried about how a similar incident could impact your company and what risks are involved HP is here to help. We can work with you to significantly reduce your data security exposure from the desktop to your data center. On the storage side, we offer a FREE storage security risk assessment. For more details on HP's other data security options beyond storage please check HP's Security web page.


Follow Us

About the Author(s)
  • 25+ years experience around HP Storage. The go-to guy for news and views on all things storage..
  • This profile is for team blog articles posted. See the Byline of the article to see who specifically wrote the article.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation