The Rise of Encryption, the Fall of All-Flash
I realize the title of this blog sounds ominous. For any companies that have adopted an all-flash data center initiative, the situation IS ominous. Simply stated, if you are invested in all-flash today, you have big problems coming soon. End-to-end encryption will destroy your data reduction, increasing your TCO by 5-10X!
Eran Brown, INFINIDAT CTO for EMEA, posited in a recent customer presentation that application-level data encryption is an emerging critical requirement for combating security threats and, at the same time, a huge problem given the realities of modern data storage. Eran’s research showed that data breaches are increasing at all levels of the IT stack – from user level compromises via email attacks, to data corruption and theft on the storage array where it lives, to theft of data being transported across unencrypted networks.
Information Risk is Increasing
Information vulnerability is on the rise – Equifax, Target, Anthem, Yahoo, and many other entities handling sensitive data have been compromised. The impact of these breaches is massive:
Target – 70,000,000 customers compromised
Equifax – 143,000,000 users compromised
Anthem – 80,000,000 health consumers compromised
Yahoo – 1,000,000,000 users compromised
A recent Senate Intelligence Committee interview of US intelligence agency officials (CIA, FBI, DOJ, etc.) indicated that their top security concern is information hacking by China, Russia, and other hostile governments.
The Risk to Businesses is Increasing
Just as the risk of serious data breaches is increasing, so is the impact on companies that don’t adequately protect their customer data from those breaches. New regulations already enacted (e.g. HIPAA, GDPR) can penalize a company up to 4% of its annual revenue for not adequately protecting customers’ data. This would be a crippling penalty if it were the sole impact, but it is not. In the second largest data breach to date, financial information of 45 million customers was stolen. After penalties and lawsuits, the financial loss to the firm is thought to be between 256 and 500 million dollars.
According to an article titled “Data protection in the United States: Overview”, author Ieuan Jolly of Loeb & Loeb states, “The Ponemon Institute calculated that in 2016 the average cost of a security breach to a company was US$4 million up from US$3.79 million in 2015. Breach prevention and notification is an increasingly costly proposition, with a 12% increase in per capita cost just since 2013. In addition to civil and criminal sanctions, security breaches can have far-reaching consequences for companies in terms of loss of customer confidence and trust, customer churn, and loss of revenue, market share, brand and shareholder value.”
The High Cost of Storing Data
The rise of end-to-end data encryption is inevitable, and the solutions are already available across the stack: database-, VM- and OS-level encryption has been around for years and has a mature ecosystem.
There has been another rise in the data center over the past several years that is now colliding with end-to-end data encryption – the rise of the all-flash data center. Nearly all storage vendors are pushing all-flash arrays as their only recommendation going forward. In making these recommendations, they are sticking to their old playbook: as application performance requirements increase, sell the fastest, most expensive media. This time around, it is flash. Soon it will be NVMoF, and then next-gen persistent storage, both increasing cost further.
These vendors must pass the high cost of this media on to their customers. I’ve blogged about this elsewhere and will leave it up to the reader to think about the vast difference in cost between the all-flash vendors and INFINIDAT’s Neural Cache architecture. Perhaps the greatest telltale sign of the different architectural approaches is that all-flash arrays must rely on data reduction strategies (deduplication, compression) – and increasingly guarantees of those strategies – to bring the cost per TB of their arrays down to a level where the sticker shock is just below heart attack level.
At INFINIDAT, we’ve had tremendous success replacing all-flash arrays with our InfiniBox platform that is faster than all-flash, delivers seven nines reliability, scales to multiple petabytes, and has a low TCO, all without compromise.
Data reduction occurs within the storage array – either in-line or post-process, after the data is written to the persistent media layer. The efficiency of the reduction depends entirely on the identification of patterns in the data that can be exploited to increase the amount of data stored on the array by many times (5-10 times or more if marketing claims are believed).
Encryption generally involves randomizing data. It can occur at many levels throughout the data center stack – from inside the storage array itself, to network level encryption, to the operating system of the application server, to the application itself. As Brown points out, however, data encryption that occurs on the storage platform cannot protect data in flight between the storage array and the big, bad world outside of the array – application level encryption gives the highest protection level to data.
The bad news for the all-flash array is that end-to-end (application level) encryption fundamentally defeats data reduction. This is bad news for some folks who believe that their approach is viable in the long run. Inevitably, the value proposition of any all-flash array that continues to support end-to-end encrypted applications will suffer as the original cost/TB justification goes out the window.
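The effect described above can be measured directly. The following is an added example, not code from the original post or from any vendor: it builds a constructed 2 MiB volume of repetitive, database-like pages, then measures zlib compression and fixed-block deduplication before and after encryption. The 4 KiB block size, the sample rows, the key and the nonce are assumptions, and the SHAKE-256 keystream is a standard-library stand-in for a real cipher such as AES-CTR, not production cryptography.

```python
import hashlib
import zlib

BLOCK = 4096  # assumed deduplication granularity (4 KiB)

def make_volume(pages=64, copies=8):
    """Constructed sample: 64 distinct pages of repeated rows, stored 8 times."""
    page_list = []
    for p in range(pages):
        row = f"{p:06d},ACTIVE,2018-03-01,USD,0000100.00\n".encode()
        page_list.append((row * (BLOCK // len(row) + 1))[:BLOCK])
    return b"".join(page_list) * copies

def encrypt(data, key, nonce):
    """XOR with a SHAKE-256 keystream (stand-in for AES-CTR; demo only).
    Applying it twice with the same key and nonce returns the plaintext."""
    n = len(data)
    stream = hashlib.shake_256(key + nonce).digest(n)
    mixed = int.from_bytes(data, "big") ^ int.from_bytes(stream, "big")
    return mixed.to_bytes(n, "big")

def compression_ratio(data):
    """Logical size divided by zlib-compressed size."""
    return len(data) / len(zlib.compress(data, 6))

def dedup_ratio(data, block=BLOCK):
    """Total fixed-size blocks divided by unique blocks (by SHA-256)."""
    blocks = [data[i:i + block] for i in range(0, len(data), block)]
    unique = {hashlib.sha256(b).digest() for b in blocks}
    return len(blocks) / len(unique)

def reduction_report(data):
    """Both ratios for one copy of the data, as the array would see it."""
    return {"compression": round(compression_ratio(data), 2),
            "dedup": round(dedup_ratio(data), 2)}

if __name__ == "__main__":
    volume = make_volume()
    # The application encrypts before the write reaches the storage array.
    ciphertext = encrypt(volume, b"constructed-demo-key", b"nonce-0001")
    print("plaintext :", reduction_report(volume))
    print("ciphertext:", reduction_report(ciphertext))
```

The keystream differs at every offset, so identical plaintext pages produce different ciphertext blocks and the array finds neither duplicates nor compressible patterns.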
Instead, we recommend a software-defined approach based on math, not fundamentally based on media. A recent conversation with one of our clients, a large financial services firm, validated the challenge of running encrypted applications against their all-flash arrays. When they implemented end-to-end encryption their data reduction results went from 7:1 to 1:1! Imagine if you were already spending twice as much for your all-flash arrays as you would for an InfiniBox and then found your cost suddenly went up 700%. Hello, heart attack!
The Wise Choice
As customers experience low data reduction rates, we see them making the wise choice by switching their all-flash footprint to INFINIDAT.
INFINIDAT innovation means that your organization can experience faster than all-flash performance, better than all-flash availability, and lower than all-flash storage costs, both for your encrypted AND unencrypted data.
So as you evaluate your exposure to data compromise going forward, why not make a wise choice and ensure a budget-breaking storage bill doesn’t surprise you after implementing end-to-end encryption? That choice is INFINIDAT storage.