Ensuring data integrity relies on much the same access controls just mentioned. Locking out access to data keeps it safe. But like confidentiality, integrity can be hard to measure because prying eyes and meddling hands can leave a seemingly intact copy of data behind.

While modification of data can be far more insidious than a loss of availability, howls of users when systems fail make it difficult to avoid attacking the problem. But their howls will be louder if it's evident that a security breach caused the outage. Here again, access control is the key, but brute-force attack can be much more difficult to defend against.

Maintain your integrity
So far, most of the security focus for storage managers has been on physically limiting access to equipment and to a lesser extent, securing the SAN fabric itself from unauthorized use. Currently, most storage networks are limited to a single data center room with tight physical security. But this is changing, as replication technologies begin to use standard Fibre Channel (FC) and IP connectivity rather than more proprietary encapsulation methods. As iSCSI allows storage to make the leap to IP on Ethernet LANs, more and more storage networks will break out of the data center. Once this happens, the security of access-controlled data centers is destroyed.

Although not always recognized as a security-related task, ensuring availability in an FC fabric is common practice for storage designers and managers. Redundant fabrics, multiple data paths, redundant equipment and business continuance copies are commonly employed to improve availability in the event of mistakes and failures. There are also other potential paths for attackers: insecure hosts, backup tapes, retired hardware and inside jobs.

Even the most secure SAN can't protect data once a connected host has been compromised. By far the most common breach of SAN integrity is caused by accidental misconfiguration, rather than malicious attack. Most SAN managers have seen cases where a host "stepped on" another host's SAN LUNs. Even if it hasn't happened to them, the storage and systems administrators I talk to are concerned, and employ techniques like LUN masking on the array and zoning on the fabric to prevent it. Every SAN should use these techniques to ensure data integrity, and offline backup copies are required to recover from data corruption.