Storage Games

Fear sells.

Politicians know it. Parents too. And the use of fear is a popular gambit for just about any IT purchase that's security related.

I've got no data to back this up, but I'll bet most organizations over-spend where IT security is concerned. Better safe than sorry, right? Maybe.

This week, we report that NeoScale is trumpeting a new capability that can manage multiple encryption keys across multiple data centers. The vendor is releasing an API in hopes storage partners will pick up on it and make this a data center must-have. (See All Keyed Up With NeoScale.)

As Mary Jander points out in our coverage, Network Appliance's Decru unit is among the other appliance makers poised to make a similar move. And Kasten Chase apparently announced something in this vein back in December.Now I'm going out on a long, creaky limb of my own here, but I find something disturbing in all this. As Jander tells it, Kasten Chase has reported remarkably little uptake for its key management scheme. Is that to do with Kasten Chase, or could that be because of enterprises' remarkably limited use of encryption? Or, is multivendor key management just so much overreaching by vendors? Will this add yet another line item to the IT budget, all in the name of better security?

These questions won't make me popular, even within my own organization. But someone needs to play devil's advocate here. Small wonder customers look at any sign of vendor gamesmanship and roll their eyes. Pity the marketing suit that has to try to sell something that will cost more and may be unneeded, at least now.

I am not saying key management isn't important. Indeed, according to this month's Byte and Switch Insider research report, it poses a major threat to storage network security. (See New Threats Drive Encryption.)

For now, though, getting multiple vendors involved in writing code for certain appliances just bothers me. It may help storage vendors on the marketing front to offload their key management functions to the likes of NeoScale, but they're unlikely to either reduce their own key management features or charge less for them.

Meanwhile, vendor shareholders and boards of directors may eat this stuff up, but so far, the concept of putting key management everywhere is a half-baked idea that is provoking little more than a collective yawn from customers.I can already anticipate the vendor rebuttals. "We save IT managers time and money by making it easier to track down encrypted data." What this fails to address is that if customers have a compelling need for encryption, the additional time data discovery might take is not going to dissuade them from adoption. The larger agenda is to remove one more objection to deploying encryption, or to wider encryption deployment that embraces more applications, locations, data types, and, yes, devices.

Nice try.

In his latest column, contributing columnist and master ranter Jon William Toigo points to another sort of vendor gamesmanship: channel stuffing. (See Money for Nothing.) In a nutshell, vendors are including bogus orders they never intend to fulfill as part of their financial reporting. Resellers become unwitting accomplices in this shell game, and are loathe to protest too loudly for fear of hurting their business relationships. Maybe this is a practice that CFOs and sales execs wink at, but it's all the more galling in the middle of the Enron trial. And don't forget that Bernie Ebbers got 25 years for such book-cooking.

Who's selling fear now, you say? Quite right. I'll put a lid on my indignation (for now). But I'd love to hear from those of you who've had it up to here with vendor games like these, or any others you'd like to call to our attention. Dragging that stuff out into the light of day is the best way we know to dispel most fears.

Terry Sweeney, Editor in Chief, Byte and SwitchOrganizations mentioned in this article: