Data storage security trends - Storage Technology Magazine - Page 1

Storage security focus for 2006

Storage security turned a corner in 2005. Now it's time for storage pros to get serious about security.

AS FAR AS I'm concerned, 2005 was a watershed year for storage security. EMC announced to the world that, moving forward, security would be integrated into the company and its products. Network Appliance voted with its wallet by acquiring Decru. Tape leaders such as Quantum and Spectra Logic added encryption capabilities to their systems.

Storage security victory! Well ... not quite.

Don't get me wrong. After three years of carrying on about storage security, it's great to see this new wave of progress ripple through the industry. In spite of this, IT storage managers and the storage vendor community still have a myopic view of security. Too many folks think the term "storage security" can be interpreted as either backup encryption or as a security appliance à la Kasten Chase or NeoScale.

So, my storage-centric brethren, when it comes to security there are a few things to keep in mind:

  1. Security must be systemic. Remember the television show Get Smart? At the beginning of each episode, Maxwell Smart (Agent 86) had to pass through a number of security checkpoints before arriving in his office. In this vintage TV example, each checkpoint is another "layer" of security, a model often referred to as "defense-in-depth."

    Requires Free Membership to View

    Login

    When you register for SearchStorage.com, you’ll also receive targeted emails from my team of award-winning editorial writers. Our goal is to keep you informed on the hottest topics, the latest news and the biggest challenges you face as a storage professional today.

    Rich Castagna, Editorial Director

    By submitting your registration information to SearchStorage.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchStorage.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

  1. Storage security is no different; to be truly effective, encryption must be supported with things like access controls, strong authentication and monitoring.


  2. Security threats are always changing. Think about all the stuff you have to guard against on your PC: viruses, worms, spam, phishing, etc. The bad guys are discovering new attack vectors all the time. This means that the storage community has to remain in a constant state of security awareness. You have to make patching management servers and monitoring bug-tracking sites a priority, and ensure your staff is trained to know a scam when they see one.


  3. You can't manage (or in this case, secure) what you can't measure. I know this is a tired old business saying that everyone has heard from some dorky boss, but with security it's certainly a truism. If I don't capture baseline information, monitor changes and offer all this information up as reports, how can I tell how secure my storage is?

This was first published in May 2006