Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:30 AM

ISCorp Augments Security

Backup services specialist ISCorp eyes new customers after deploying Decru

For many firms, security hardware is simply a necessary, and often expensive evil, although on-demand backup specialist ISCorp is looking for some major new revenue thanks to a big security overhaul.

Last year the Milwaukee, Wis.-based firm rolled out Decru encryption devices as part of an effort to lock down corporate data. Nothing unusual there, perhaps, although ISCorp's CTO Scott Rodenhuis sees things a little differently. "It's going to help us bring in $1 million in new business this year [by] giving customers an additional level of security for disk and tape-based backup," he says.

ISCorp is competing with some big names, including IBM Global Services and Pfizer, which offers on-demand services via a partnership with virtualization specialist Cassatt. (See Suppliers Serve Virtualization.) "Having that security makes our clients more confident and helps drive sales," explains Rodenhuis, adding that ISCorp can now send encrypted tapes to its offsite vaults.

ISCorp, which provides data processing, sales performance and ERP on-demand services to around 500 customers, including seven of the top 10 financial firms, realized some time ago that it needed to bolster its own security story. (See On the Brink of Storage Disaster, Chase Trashes Tapes, A Tale of Lost Tapes, and Top Tips for Compliance .)

The firm stores 50 Tbytes of customer information across two Fibre Channel data centers kitted out with EMC Clariion SANs, Sun tape libraries, and Compellent replication software.

Amongst this infrastructure, Rodenhuis and his team identified tape as ISCorp's Achilles' heel after meeting with clients last year. "It wasn't a single event," that prompted closer scrutiny of tape usage, he explains. "It was our communication with some of our end-clients and finding out what they needed."

Just over a year ago Rodenhuis started to check out his encryption options, before eventually settling on Decru's DataFort FC525s. (See Quantum, Decru Hook Up.) Last October, after six weeks of testing and evaluation, the CTO deployed two DataForts in a cluster at ISCorp's primary data center in Milwaukee.

The DataForts sits on the SAN fabric at the Milwaukee data center, encrypting data before it is sent off to disk and tape-based storage. ISCorp also installed a third DataFort at the firm's secondary data center at Brookfield in the suburbs of Milwaukee.

Prior to deploying the DataForts, Rodenhuis and his team also looked at Neoscale's CryptoStor device, although the exec told Byte & Switch that Decru beat its rival on cost. "We got a deal [with Decru], there was some negotiation," says the CTO, somewhat mysteriously, although he would not say how much he paid. Pricing for Decru's DataFort appliances starts at around $30,000.

Rodenhuis also considered a software-based approach, scoping out Oracle, which offers its own database encryption software.

The problem with the Oracle solution, according to the CTO, was that it was limited to Oracle databases and the exec admits that he had some performance concerns. "The encryption and decryption of data, if is contained on the database, has to be performed by the same CPUs that are running the database," he explains. "That means that you have more overhead on the database server."

Despite opening the door to additional revenues, Rodenhuis still wants Decru to improve its story with regard to the likes of Symantec and Legato. "The one thing that I have asked them for is tighter integration with some of the backup software," he says, explaining that this would give better control of encrypted data and the keys associated with it.

At the moment, Rodenhuis can create keys for certain devices, but not for actual files, a feature which Decru only offers on its NAS-based encryption products. (See File Security Gets All Cryptic.)

The exec is also wondering how he can tie the PGP encryption software that secures data on one of ISCorp's financial services to the DataFort devices. "It could be useful to have an agent or something that would allow you to have a secure key management system," he says.

Despite both NeoScale and Decru opening up the APIs on their encryption products, other users have already voiced their desire to see more work done in this area. (See Regulus, Multivendor Management Locked Up, Security Smorgasbord on Show, and All Keyed Up With NeoScale.)

— James Rogers, Senior Editor Byte and Switch

  • Cassatt Corp.
  • Decru Inc.
  • IBM Global Services
  • NeoScale Systems Inc.
  • Oracle Corp. (Nasdaq: ORCL)
  • PGP Corp.


    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/6/2020
    Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
    Stephen Ward, VP, ThreatConnect,  7/1/2020
    Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
    Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs,  7/2/2020
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-07-07
    An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
    PUBLISHED: 2020-07-07
    Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
    PUBLISHED: 2020-07-07
    A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
    PUBLISHED: 2020-07-07
    Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
    PUBLISHED: 2020-07-07
    A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user su...