I am a risk consultant and have been asked to conduct a threat and risk assessment and analysis on a backup regime for a SAN. As this is the first one for me, I am wondering if you could assist me in outlining the risk areas associated with the use of FCP and its use for remote backups. I have researched this and keep getting confused as to the issues using TCP/IP over the Internet and what levels of protection/devices can be placed over the SAN to alleviate any risks.
Any advice would be very worthwhile.
If your moving data to a remote site over optical fiber, then the cables themselves are fairly secure since it's quite hard to tap optical cables without anyone not knowing about it.
For remote backup using TCP/IP, you can use compression on either end to somewhat scramble the data or you could use iFCP-based SAN extenders which will allow you to use any security measures that are available for TCP/IP. If it were my data though, I would use an encryption engine on both sides of the pipe just to be certain. This could either be an appliance or a software solution.
Since you are moving data to a remote location, zoning in the SAN will not help you. You need to focus on the TCP/IP portion. Have your customer use dedicated leased lines, use encryption and use optical connections if you can afford it.
Editor's note: Do you agree with this expert's response? If you have more to share, post it in one of our .bphAaR2qhqA^0@/searchstorage>discussion forums.
This was first published in November 2002