Storage security is really no different than any other type of information security. It involves the technology and a set of business practices, proper controls and ongoing testing to make sure company data is kept safe. Storage security specifically focuses on the storage environment, and by storage environment I mean NAS, SANs and DAS, which includes hard drives on servers, desktops, laptops, thumb [flash] drives and other mobile storage devices -- really anything that stores information as a business asset.
Storage security also extends outside of the network to include external users, such as customers placing orders online. Any entry point into the network and into the storage environment needs to be protected. All it takes for your storage system to become compromised is one remote user running on an unprotected wireless network without personal firewall software or the latest security updates to the operating system. Pay attention to all points of entry; no matter how obscure or indirect.
This was first published in March 2007