Ask the Expert

Top five security questions to ask storage vendors

When soliciting vendors for storage management solutions, what are the top five questions to ask them about security as it relates to storage?

Requires Free Membership to View

1. What type of authentication are you supporting? The T11 FC SP draft recommends support of DH CHAP with RADIUS server.

2. What type of encryption is used to secure traffic between the management entities? They may use SSL, SSH and in certain environments VPN/IPSec may help.

3. How the encryption keys are stored and secured?

4. How the secrets (e.g. passwords) are secured while in storage?

5. What kind of access control (RBAC etc.) is supported?

Remember that the management network has several components -- and you want to probe the security for each component: managed entity (switches, ports, etc.), management server, management admin workstation and the network over which they are connected. Also, the traffic may traverse over Fibre Channel (FC) or IP -- you need to address both.

There is a lot you, as the end user, can do. For starters, keep the corporate network and the storage management network separate.

This was first published in July 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: