Cisco’s just-announced acquisition of IronPort for $830 million is a shot across the bow of, among others, EMC’s RSA acquisition. As I wrote about Datacenter Ventures last September

A couple of people commented that network security is evolving from attempting to lock everything down inside the data center to using the WAN gateway as the security choke point. Seems about right.

Spam you don’t get doesn’t need to be stored
IronPort products provide perimeter protection against Internet-based malware. Blocking spam and viruses at the WAN gateway through a variety of techniques, IronPort exemplifies the advantages of using the WAN gateway as the security choke point.

EMC is just collateral damage
I doubt Cisco management spends much time worrying about EMC’s effort in the security business. From a network perspective each storage array and SAN switch is a potential choke point. Yet each array is limited by the amount of data each array stores and how often that data is accessed. The data velocity and temperature at the WAN gateway is orders of magnitude higher than at any storage array, making investment there that much more profitable.

Internal data security: trust vs. compliance
SANs store data that is already on the internal network. So the security issues cluster around who has access to what data and what can they do with it. There EMC’s RSA acquisition makes sense. Yet internet spam and viruses are a highly visible problem that can cripple your network today. Data theft and misuse is a more subtle problem.

The StorageMojo take
Given inertia, and flat budgets, most managers would rather trust their employees until they have a demonstrated reason not to. Which suggests to me that EMC will have a harder time monetizing their RSA investment than Cisco will with IronPort and its other security acquisitions.

More importantly, the reasons behind Cisco’s continued investments in network security – larger customer ROI chief among them – shows once more that network effects are alive and well. A large network is more valuable than a small one, and in most organizations the SAN is significantly smaller than the LAN+WAN gateway.

ILM redux?
EMC has to make their case based on the value, rather than the connectedness, of the SAN’s data. As ILM’s difficulties show, value-based data assessment and protection is a costly and difficult process. Creating hyper-scale, cost-effective storage pools would go a long way towards making storage-based security a much better customer investment.

Comments welcome, of course. EMC’ers (or other storage security mavens) feel free to weigh in and tell me what I’ve missed.