This article can also be found in the Premium Editorial Download "Storage magazine: Surprise winner: BlueArc earns top NAS quality award honors."
Download it now to read this article plus other related content.
Database application data has a way of proliferating; as it does, storage and security concerns also grow.
Thirty-four states have them, eight states are evaluating them and eight more states have no imminent plans to have them. I'm not talking about gun control laws or other headline-grabbing regulations, I'm referring to information privacy breach laws. And it's not just happening at the state level--Washington is also getting into the act. The Enterprise Strategy Group (ESG) is following at least 30 information privacy laws being debated by the U.S. Congress. And if you do business internationally, you can look forward to a dozen or so country-specific regulations in Europe.
Why should storage architects, managers and administrators care about this? Right now, most of the focus is on breach laws that define remediation processes and penalties once personal and confidential information is accessed by unauthorized individuals. Regulations currently being debated, both domestically and abroad, center more on preventive measures to thwart data breaches. If these laws gain momentum, IT may feel the pain because the threats are both external (hackers and other black hats) and internal (user errors and disgruntled employees).
Because storage and tape systems are the final resting places for most corporate information, many organizations have deployed encryption appliances that secure data at rest. But it may not be enough. The
It might be easy to point fingers and call this a "database admin's problem," but storage teams, along with their database counterparts, can improve the security of their test and development environments and get some benefits in return.
Batten down that database
ESG research indicates that, on average, organizations classify 54% of their database content as confidential, and a large portion of this data is retained on a centralized storage infrastructure. That makes security the database and storage groups' problem.
This was first published in June 2007