Friday, 31 August 2007

Data Nirvana

I like to oversimplify things. Not only does it mean I can understand them better, but it gives people the chance to criticise me, and start unneccessary arguments, which are, of course, the very staff of blogging. [Apologies to Leviticus (26:26) and Jonathan Swift for the mangling of prose].

Rich is going to blog some more on this in the coming days, so I won't add anything he hasn't already said to this précis, but I have been finding it increasingly difficult to keep up with him and Hoff with their ping-pong evolution of data security over the past couple of days.

I like to think of myself as a tool, in fact people often say to me: "Rob, you're a tool." So obviously that helps.

DLP= data loss prevention technology. There are a few players in this space, Vericept and Vontu being two that spring to mind. They are essentially passive endpoint filters which sit and monitor all data which is leaving and entering a closed system. The closed system needs to apply it's own classifications to data to prevent leakage or data loss. Hoff thinks it's a feature, not a product, which I only agree with long term. For now, it's a product in itself, and an important step on the roadmap.

CMF= content monitoring and filtering. As Rich says, this includes an extra step, where data at rest can be searched and classified.

CMP= Hoff's expression, content monitoring and protection. The next step in evolution, where the two are combined, so data already in the file system is protected when the solution is put in place, rather than waiting until each file is accessed. This is maybe why Hoff thinks DLP is a feature. Of CMP, it would be. However, so would encryption, key management, integrity, policy management, data classification, etc.

To make the full product, there needs to be a platform to build on, and there are yet more features needed. This is something I've started to pick Rich's brains on already, he's talked about policy and workflow management. This is something I want to pull Hoff into if he will oblige. In my opinion there are couple of ways this could unfold. As Rich says, EMC with Tablus could become a market force, and as they seem to be the biggest in the market right now, I expect they will be. I would like to see their roadmap and plans for addressing the market.

There is a company in the UK called Njini who are doing data-classification right now, with nothing fancier than that. They are focusing on de-duplication, which is a real business driver, with a real ROI, not a "Security ROI", i.e. it provides a GAIN, not just a prevention of possible /probable loss. There are plans afoot to develop this into a full data management system, where classified data can have encryption, integrity, compression, etc. applied as required.

I know of at least one other security company who are heading down the classification route, and I think it's a good move, because it makes business sense, not just security sense. I'm not sure EMC have got this yet, and are just going to add Tablus functionality to their high end storage. I would like to be proven wrong, but as far as I've seen so far, EMC really don't get security properly. In which case, someone else could undercut them, and their storage positioning, before they notice.

That someone else, again, in my humble opinion, could be someone small, and therefore might not make an impact, it could however come from somewhere better positioned from the get go.

Just a hypothetical question here, but what would happen if Microsoft implemented a proprietary data classification system in every Windows release from now on, included the code in the next set of Windows Updates even? How simple would it be for them to control storage then? How many of the encryption companies and integrity providers would want to be part of that? How much WORM storage kit would become redundant overnight, or at least require a total shift in marketing?

Is this what EMC are trying to achieve? Undoubtedly. It would give them a stranglehold on the storage industry like never before, but can they do it without the help of Microsoft? I don't think so, but then I think that's exactly what SISA is about.

You tell me, I may be barking up the wrong tree entirely. People often say to me: "Rob, you're barking." There have been tree references made, how wrong it is, and how far I am up it. So that helps.

No comments: