Q

Top five security questions to ask storage vendors

Security expert Vijay Ahuja outlines the top five security questions to ask storage vendors before making a purchase.

When soliciting vendors for storage management solutions, what are the top five questions to ask them about security as it relates to storage?
1. What type of authentication are you supporting? The T11 FC SP draft recommends support of DH CHAP with RADIUS server.

2. What type of encryption is used to secure traffic between the management entities? They may use SSL, SSH and in certain environments VPN/IPSec may help.

3. How the encryption keys are stored and secured?

4. How the secrets (e.g. passwords) are secured while in storage?

5. What kind of access control (RBAC etc.) is supported?

Remember that the management network has several components -- and you want to probe the security for each component: managed entity (switches, ports, etc.), management server, management admin workstation and the network over which they are connected. Also, the traffic may traverse over Fibre Channel (FC) or IP -- you need to address both.

There is a lot you, as the end user, can do. For starters, keep the corporate network and the storage management network separate.

This was first published in July 2005

Dig deeper on Secure data storage

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSolidStateStorage

SearchVirtualStorage

SearchCloudStorage

SearchDisasterRecovery

SearchDataBackup

Close