Suppose a company has 2 sites, A and B, one is primary, the other is
secondary for DR reasons. A and B are separated significantly
geographically. Both A and B use a SAN for their data. A and B are
connected by a private network. The SAN data is replicated between A
and B over this private network using some replication product. My
question is, "should I be worried about the fact that the SAN
replication product does not do encryption?". When I raised these
concerns the answer I was given was "its a private network so its not
a problem". I am still not sure. Maybe I'm paranoid but I thought most
security jobs were inside jobs and this is made easier if the data
going over the wire is always in plaintext. But then again, data sent
around the LAN using NFS is not encrypted either.

Regards,

Andrew Marlow