Another PodTech Exclusive: Network Appliance Podcasts Uncompromise Security Initiative Announcement

I posted an exclusive podcast with Network Appliance for their security announcment today

Here is the full transcript of that release.

Host: John Furrier, Founder

Guest: Kevin Brown, VP of Marketing, Decrue a Network Appliance Company

John Furrier: Welcome to the Infotalk series. We are here at the Network Appliance headquarters with Kevin Brown the Vice President of Marketing here at NetApp in charge of marketing at Decrue.

John Furrier: Welcome to the podcast.

Kevin Brown: Thanks.

John Furrier: Network Appliance has been a leader for years in pioneering storage … storage area network among other technologies. Now you guys are moving into a new area extending the pioneering work with data encryption and intersecting in security. Talk about what you guys are announcing today.

Kevin Brown: Yeah that’s right. If you look at NetApp’s history, it has really grown up from an innovator in mass storage to a unified storage platform that could handle multi protocols in the same appliance to a whole storage system company with replication and disaster recovery. There are a lot of innovations around how do you create snapshots of data and comply with regulations Now, what customers are pushing for is expansion of that into the next level up, into data management. It’s not just can you store the data, but can you really manage it? Part and parcel of data management today is security. This is one of the top topics that everyone in the federal government to Wall Street to the entire Fortune 500… Fortune 2000 are really looking at as a priority. Building security into data management; that is where the innovation is. That is where the acquisition of Decrue has played in over the last few months.

John Furrier: The world is changing. Everyone talks about how the environment is changing…with security. Everyone is always connected…always on. There is huge talk about security. You were with Decrue which recently was purchased by NetApps this past summer. Talk about what Decrue is doing and how that fit into NetApp’s plans.

Kevin Brown: Sure, NetApps had a number of security initiatives in the past around the NetCash product line for gateway access… for Internet access and security and a number of native security features. The Decrue acquisition brings in some expertise around encryption, around access control, authentication … some of the tightly bound features that are being injected into the storage networks themselves. One of the things that was unique about Decrue is we took some thing that was relatively hard and slow…encryption and it was very difficult to employ in an enterprise type of an environment. Much like NetApp has done over the past few years, we did a lot to simplify and remove the tradeoffs. What used to be slow, invasive and difficult we’ve taken and made it really fast. We made it very easy. We tried to simplify and make it very robust…taking something that’s been hard to do, for enterprises, and simplifying that to address a major business need.

John Furrier: Storage is getting bigger. Everyone is storing more photos, more podcasts; these files are getting bigger. People are always connected. Storage is part of the critical infrastructure. From a security standpoint what did Decrue do in terms of speed? What other things fit into, from a user perspective, where the security (for enterprise) what this means?

Kevin Brown: Sure. If you look at the history of storage it started out as direct attached … a little disk drive attached to a server. Over the last few years, to handle the explosion of data, as you mentioned data has increasingly been centralized into very large pools of shared data, and now increasingly being replicated… so there are multiple copies of that data. You take all your eggs and you put them in one basket and you make eight copies of that basket for disaster recovery and for information sharing and compliance. All of a sudden, what used to be little pools of data which were relatively separate are now all in the same basket. From a security perspective, this is a real problem. It gives you benefits in terms of not losing your data. There is a dilemma you want to make copies so you don’t lose it if there is a hurricane or some other type of disaster. You’ve got to have copies. But the more copies you make, the more risky it is in terms of theft. What Decrue has come in with is a turnkey appliance, a piece of hardware very much like NetApp storage. We sit in the middle of the data path, and we can encrypt selectively everything at wire speed. Our new box that we just launched, our 10 port box, we are doing a total of 10 Gb/second of throughput in single box. These are very, very fast pieces of hardware. We can do it invisibly without changing any of your existing infrastructure or workflow. It’s taking something that is very hard and applying military grade security. We are used on the battle field today by the military. Those same boxes are now being plugged into credit unions to protect your credit card number.

John Furrier: That’s unbelievable. Basically, it evolves to… First, it was secure your network. Now everyone is always connected. Now the next phase is secure your data. It is obviously key.

Kevin Brown: It’s a good observation. Where security started, ten years ago you would telnet to each others computers over the Internet. It was totally cool. People started to realize there are a lot of threats over the Internet. So today if you plug in a network without a firewall you are fired. Things start as a good idea maybe for the military or banks, but then really quickly move into best practices. Data encryption. If you look at data in flight, like shopping on the Internet, you wouldn’t shop on a site that didn’t have a secure webserver or Https. You just probably wouldn’t do it, because you would be concerned about your credit card. How much more so for the company that is storing 14 million credit cards in a server and they are sitting there all in clear text…readable formats? That is just the way the storage grew up. You start from these little pools of data. They never changed the formats. What we’re doing is we are trying to change that, so that you have layers of defense. So that whether you are a bank or an HMO or the government or a manufacturing company…everyone has secret data that they are trying to protect. As you look at the layered defenses… one sort of tongue and cheek comment from our team was, “What do you call a firewall with a lot of holes punched in it to work from home and to work with partners? That’s called a router.

John Furrier: It’s unbelievable; you have to really protect that data. You can’t side load anymore. Everything is about complete ubiquity in terms of access. Let’s talk about the announcement. You are announcing at NetApp today a new initiative. Talk about the new initiative you are doing. It is called Uncompromised Security.

Kevin Brown: What we are trying to do is to put a wrapper around all of the different initiatives and product announcements and so forth that we have within the company so that people understand the direction and where we are going and the commitment that we are making to the customers. I just came back from Wall Street. Some of biggest customers just came back from a meeting with a lot of the Fortune 500…a meeting on Capitol Hill with legislatures. There is a real concern about we need the tech vendors to make a real commitment to securing data, to building security into their systems. We are responding with is, really, that commitment of, “we are going to build products, we are going to partner with other companies to make it all work, we are going to organize ourselves in a way that we can very quickly integrate in this area.” There is a pretty holistic push. There are a number of products, for example, which really come with substance today. For instance, NetCash product for the Internet access, gateway security, the Decrue products that we are shipping today many, many large customers using that in production today. Iron Mountain, for example just announced that they are using it for all their data and they’ve now recommended to all 40,000 of their customers that they ought to encrypt data before giving it to the courier. We are making a pretty big push around the technology itself and also all of the business backing. There is no one product that is a silver bullet. This is a sustained initiative. What our customers told us is it is important for our vendors that we rely on to invest in us.

John Furrier: You guys are using your leadership position as a company to go out and spearhead… pulling together the policy side and the business side… leading the charge of what the policy should be for data security.

Kevin Brown: Yes that’s right. And we have been serving as a resource for Congress, who is starting to look at these issues that involve technology. We have been asked. We have met with various Congress People and their staffs, to talk over these issues, to make sure that we can help streamline legislations and regulations for companies, so that it makes sense for them. We can do all the things that are needed to protect consumer data as well.

John Furrier: You mentioned in your press release, it states, “The accepted definition of acceptable security is alarmingly weak.? What do you mean by that?

Kevin Brown: Let me give you a couple of examples, easy to understand ones. You look at backup tapes. They have been falling off the back of trucks, probably for a long time. It is only in the recent past that people had to start thinking about how much exposure there is. If you look at the new backup tapes that companies are using, you can hold almost a terabyte of data on a single tape. You are able to put all the data you want on that. You could put every credit card on the world on a single backup tape and put it in your back pocket. If you printed that much data out on paper, that’s twenty million pounds of paper. All the rules that have to do with, that have lasted for a million years, of what you do with paper or papyrus or stone tablets, all of those types of media which were well understood, the rules all change when you go digital. The issue that people have is they are starting to realize, “Wow, there is a lot of exposure.? Ninety-three percent of companies are sending these offsite with no protection at all. It is a matter of statistics. If you send around millions of tapes, some of them are going to fall of the back of trucks. Some of them are going to get lost. In this case, you can expose many, many millions of people. As a public policy issue and as a company’s responsibilities to its consumers this is a hot topic.

John Furrier: So this is where the encryption comes in I imagine.

Kevin Brown: Exactly whether it is a backup tape you want to have it encrypted in case it falls off the truck…or whether it is a big database holding millions of credit card transactions or bank account or x-rays…you can imagine the different kinds of data…source code, pharmaceutical designs.

John Furrier: It sounds so easy, just encrypt it. You are saying was it has been an issue of “slow?, “practices??

Kevin Brown: If you look at today’s networks these are Gigabit Ethernet, 2 Gigabit fiber channel going to 4 Gig going to 10 Gig. These are very very fast networks. There are a lot of products than can do encryption. Encryption has been around for 4,000 years, but to do it fast in these kinds of environments without disrupting any of your enterprise applications or systems with all the interoperability and with a level of security that has been certified up to the military levels of security, that’s pretty unique. That is what people are looking at. If we are going to put security in we can’t have any of the compromises. We can’t have the tradeoffs of slowing down our networks, or making harder to recover data in a disaster. We can’t have it harder to manage. We are already up to our eyebrows in work. That is the set of data management challenges that NetApp excels at. The idea of simplifying data management now including not only the storage, but really the manipulation and the security of that data, that is the bigger vision that we want to make sure that people understand as we are rolling out new products, new initiatives, new partnerships.

John Furrier: What you are saying too is, “It is not just network-centric it is storage-centric.?

Kevin Brown: It is data-centric.

John Furrier: Exactly.

Kevin Brown: The other important thing about this is the customers are asking for us to have a very grown up and mature approach to this. They say, “Look we’ve got many different vendors in our data center…your competitors…different companies.? We need solutions that work across all of these. One of the things we did, again to fit with this initiative, is we have carved a crew off as a separate subsidiary. That is fire walled off. So we can work with any storage company, even if they compete with NetApp storage products. We can collaborate with them to solve a customer problem, to work on engineering, interoperability, testing and all the things that make it easier for customers.

John Furrier: You have to get behind the curtain. You have to be exposed to some of the customers “jewels? in terms of systems, and that would include your competitors. That would make a lot of sense.

Kevin Brown: Yeah, think about IBM. They have had to deal with this. Everyone competes with IBM. Everyone works with IBM. They have learned how to deal with this. As you look at different companies like NetApp that are growing quickly, it is something where all of us realize that we need to be able to accommodate a more complicated model of working for customers’ benefit.

John Furrier: Well Decrue is a great solution. We are here with KEVIN BROWN the VP of Marketing of Decrue, a NetApp subsidiary company…fire walled off to work with customers in all types of areas. Final question for you, what types of solutions can NetApp customers and Decrue customers see in the next year or two?

Kevin Brown: I think you’ll see us continue to innovate in terms of being able to cover the entire enterprise with a single platform. We’ve already rolled out NAS, DAS, SAN, and ISCUSI Tape. We’ve just rolled out SCUSI tape. We rolled out our new 10 port encryption appliance, software that automates all the key management and really bundling this together with NetApp storage and other solutions to really make it easier for customers. If you look at the analogy of the car, when they invented the Model T, it didn’t have any windows, locks alarms… today you just wouldn’t buy a car with out security. There’s one button on your key ring that turns it all on and off. It is very simple, even though that is different companies working together. It’s that same model for the customer. We’ve got to make it simple. One button, simple, all works together, it’s tested, you get it and it works. That is really where a lot of the focus is in terms of partnering, in terms of solutions, testing and innovations. We are really excited about the opportunity to work closely with customers to really solve some pretty challenging problems coming up over the next few years.

John Furrier: That is a great analogy. Make it comfortable. Make it work. Make things easier for customers.

Kevin Brown: Yes.

John Furrier: Well I do have one more question, which I realized that I wanted to ask. You mentioned that you were in D.C. What are some of the legal things? You were out with the founder of NetApp, talking to the legislators. What was the outcome of that? What were some of the discussions that you guys were having?

Kevin Brown: What is happening right now is there are a number of bills in Congress that are in committee and are being looked at and are working their way through. The way that D.C. works is they take the different bills and ideas, and they sort of combine during the process to come up with some sort of an aggregate… sometimes better, sometimes worse. The idea is some of the people who are writing this legislation today, either the Congress People or their legislative staff, we have been in contact with them. They asked if we could provide some perspective in terms of “how practical is this?? What is really the test? For example, if a tape falls of the back of the truck and it is encrypted with military grade encryption that is used on the battlefield today, is that good enough for credit cards? We think it is, but that is … a lot of these things that are a combination of public policy, business and technology. Where we have a unique role to play is we are working with government as a customer and in other ways. We are working with all the big enterprises and we make the technology. That is a place where we can try to contribute, to end up with a good win-win for consumers, for enterprises, for everyone.

John Furrier: The uncompromised security issue. How do customers get involved? Is there a forum? Is there website? How do people get involved with you guys?

Kevin Brown: What we would love to invite folks to do is to continue to track us. We have got a few customer newsletters and other ways that you can stay up on this. If your job involves data management and looking after the compliance and the safety of the data in the corporation, these are topics we think are pretty good to be smart about. We can certainly help out in terms of the technologies, how it is working, and some perspectives on how this rolls out. Again, what we believe is that there is no one point in time that you launch security and you’ve got it forever, right? It is an ongoing process. We would invite folks to stay in touch with us by our website or through podcasts like this, and to continue to educate themselves. We want to help out. From the perspective of technology, our commitment is we want to deliver a set of solutions that don’t compromise on either security…really give you the top end military grade of security when you need it… and don’t force you to compromise to trade off all of the things that have been painful in the past, whether it is performance or simplicity or inoperability etc. That is our brand promise, “How can we simplify data management? How can we let you get your business done with no compromise??

John Furrier: Simplifying data management. We are here with Kevin Brown VP of Marketing with Decrue a NetApp company announcing the Uncompromised Security Initiative – really pioneering a whole other level of our history, which is security-centric, data-centric…security and data. Thank you for the podcast.

Author: John

Entrepreneur living in Palo Alto California and the Founder of SiliconANGLE Media

1 thought on “Another PodTech Exclusive: Network Appliance Podcasts Uncompromise Security Initiative Announcement”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s