This article can also be found in the Premium Editorial Download "Storage magazine: Tips for unifying storage management."
Download it now to read this article plus other related content.
According to my cohort Jon Oltsik, geeks and spies--not business people--are running around corporate America scheming and implementing security in IT worlds. And that's a big mistake.
I've been telling you that security is going to matter when it comes to storage, so pay attention now. Security sucks--it's just our best effort to stop it at the gate. We put up firewalls and antivirus programs and hope.
Ask any CEO this question: "Mr. CEO (They like formality and politeness. It makes them feel worthy of their suits.), do you know how many IT people in your company have root privileges?" He/she/it will invariably say, "I'm not exactly sure," which means: "What the hell are root privileges?"
You let the CEO know that there are 500 people or greater in any multinational corporation that can pretty much see everything there is to see when it comes to electronic information. Odds are that one in 500 may have a bone to pick.
CEOs already know that 80% of attacks come from within. What they and we are naÏve about is thinking that we're going to prevent bad things from happening. It's irresponsible not to do what's necessary to get whole quickly once all hell breaks loose.
Sure, we need geeks and spies, firewalls, antivirus software and any other tools which are designed to stop attacks before they occur. What we need most, though, is to figure out how to survive the attacks that do get through. So, here are the new rules:
New Rule No. 1: Encrypt
New Rule No. 2: Learn to speak security. Storage and security camps speak totally different languages, and storage guys need to understand and be assertive, or get run over. Smart business logic will prevail here--and there hasn't been much of that lately.
New Rule No. 3: Get on the new wave of disk-based recovery systems. It's only a matter of time before you're going to get killed by a virus. The only way to get back from the gates of Hell will be with a time machine. Imagine being able to recreate your entire IT environment just before a virus strikes. Talk about the perfect killer app--The Doomsday Undo. What Fortune 2500 company wouldn't pay for that piece of insurance? This bodes well for the FilesX, Revivio, StorageTek and the likes that make these way-back machines. Even traditional backup implementations are possible with this feature, as Atempo has proven.
Disaster recovery is about security. Everything is about security. Do you wanna talk information life cycle management? Don't have a conversation without understanding the potential security requirements at every step--they most likely will differ. Data protection means protecting the zeros and ones spinning on a disk drive. Everything else emanates from that.
This was first published in February 2004