By Ann Silverthorn
Citing customer demand for data security, Network Appliance is in the process of acquiring Decru, a privately owned storage security company, for approximately $272 million in cash and stock. The deal is expected to close in October.
Decru’s DataFort security appliances encrypt data both at the perimeter and within a storage network. The appliances work in NAS, SAN (Fibre Channel or iSCSI), virtual tape library (VTL), and tape environments. Decru will operate as an independent business unit of Network Appliance.
The deal comes on the heels of Net-App’s acquisition of VTL vendor Alacritus for approximately $11 million, providing further signs of NetApp’s strategy to branch out beyond its NAS stronghold.
Decru currently has partnerships with EMC, Hitachi Data Systems, IBM, and StorageTek, and Network Appliance plans to continue those relationships. Still, following Sun’s acquisition of StorageTek, analysts are skeptical that such relationships with competitors will survive.
Rhoda Phillips, storage software research manager at International Data Corp. (IDC), says it will be a challenge for Network Appliance to keep Decru independent. “The challenge will be how to present a clear picture to clients about what the message is and not have the companies’ two sales teams colliding with each other,” she says.
Phillips sees NetApp’s acquisition of Decru as a strategic effort to expand its presence in data management and data protection rather than a tactical move, as was the Alacritus acquisition.
Suresh Vasudevan, Network Appliance’s senior vice president of product management, says, “Our perspective is that the data security problem is truly irrespective of whether the data is stored on an EMC or NetApp system. We don’t want to just solve a NetApp data security problem. Decru’s appliances work transparently, no matter whose storage is deployed.”
Data security breaches can take the form of an attack or can be accidental. Either way, the security breaches and backup tapes lost in transit that have been much publicized recently are probably only the tip of the iceberg. And the fallout from the stolen information has yet to be felt.
“Most of our customers have invested in anti-virus solutions, Spam filters, VPNs, and firewalls for perimeter security,” says Network Appliance’s Vasudevan. “Those investments only protect from attacks from outside the corporation, but more than 50% of attacks originate from within the firewall.”
Decru’s encryption is designed to protect against attacks from both outside and within the firewall. Decru competes with storage security vendors such as Kasten Chase, NeoScale Systems, and Vormetric.
When asked why Network Appliance chose Decru, Vasudevan contends that the company is ahead of the competition because it can encrypt data in a variety of storage environments. In addition, Decru’s certifications from the government and from standards bodies made it attractive. “Common Criteria Certification and DoD 5015.2 [for electronic records] are certifications that take several quarters if not years to obtain. No other competitor has been able to obtain those,” according to Vasudevan.
“NetApp’s announcement will put more pressure on other top tier storage suppliers like EMC and IBM to bring encryption into their product portfolio,” says IDC’s Phillips.
Storage suppliers will eventually be forced to make data more secure as public pressure increases. If they don’t want to continue partnering with Decru, they’ll be faced with developing their own product or finding their own data security company to buy.
AT A GLANCE
Decru’s DataFort encryption appliance
- Unified access: NAS, SAN, iSCSI, tape
- Secure file deletion
- Enterprise-wide key management
- Certification: FIPS level 2, FIPS level 3, DoD, 5015.2