by Mario Apicella

Unencrypted tapes? I blame the developers

May 15, 2006

Products that blend storage and security leave me perplexed: is a storage solution the best place to start protecting your data?

Probably not. Moreover, I would argue that when sensitive information remains unencrypted, the business process that generates that data has been poorly implemented.

In a perfect world, the decision to secure data should be made by the application that creates it, but that rarely happens. Part of the problem is that developers have little interest or motivation to protect data outside of their coding universe.

Not convinced? Then explain why the same development team that would never allow sensitive data to reach a non-secure Web page finds it acceptable to write the same data, unencrypted, to a local drive.

Nevertheless, when a data disclosure or a breach of security becomes news, we always blame and try to correct the storage solution. Storage vendors, eager to differentiate their products from competitors’, are quick to follow suit: after all, storage security is an easy-to-sell band-aid.

Take, for example, BrightStor Tape Encryption for mainframe, which Computer Associates is announcing today. Starting at $60,000 (yes, everything made for big iron is expensive), you get the ability to encrypt what you put on tape, from any application, I am told.

It gets better: you can manage encryption from one of the popular mainframe security applications, including IBM RACF and CA ACF2 or Top Secret. Moreover, BrightStor Encryption will add little, if anything, to backup time because the chips on the big iron will do the heavy lifting.

For a busy computer operations manager, encrypting those tapes with little overhead is a blessing, but to be on the safe side (s)he will probably encrypt more data than needed, which will further complicate a few things, key management for example.

Will we ever see data protection starting at the beginning of the data life cycle?

Obviously, storage vendors alone can’t provide a solution to that problem, but Tapestry MyView, a new application that Brocade coincidentally also released today, seems to be an interesting step in the right direction.

Essentially, MyView integrates with Microsoft Active Directory to give administrators better control over users’ access rights across the whole company. MyView is not meant to log file access, but it keeps accurate historical records, for example of changes in access rights, that would make many auditors smile.

Will either of these two products make your data more secure? Yes, but for the big changes look outside the storage universe. It may seem a paradox, but your data will probably become more secure when you no longer find “storage” and “security” in the same sentence.