You could actually write a collection of books on this very subject. I define storage security as a set of technical controls, business processes and supporting documentation, including policies and procedures, that help to keep the bad guys out. By this, I mean external attackers and rogue insiders -- keep them out of the "crown jewels" of the network: the storage environment.
Storage security is really no different than any other type of information security. It involves the technology and a set of business practices, proper controls and ongoing testing to make sure company data is kept safe. Storage security specifically focuses on the storage environment, and by storage environment I mean NAS, SANs and DAS, which includes hard drives on servers, desktops, laptops, thumb [flash] drives and other mobile storage devices -- really anything that stores information as a business asset.
Storage security also extends outside of the network to include external users, such as customers placing orders online. Any entry point into the network and into the storage environment needs to be protected. All it takes for your storage system to become compromised is one remote user running on an unprotected wireless network without personal firewall software or the latest security updates to the operating system. Pay attention to all points of entry, no matter how obscure or indirect.