Hot Spots: Time to learn from Microsoft's mistakes


This article can also be found in the Premium Editorial Download "Storage magazine: Tips for lowering the cost of storage support contracts."

Download it now to read this article plus other related content.

Is anyone in the storage industry even close to pulling this off? I do see a number of leading indicators that the industry is moving in this direction. For example:

  • NetApp/Decru is championing an effort around key management, building a development community and pushing industry standards.

  • IBM extended mainframe security functionality such as its encryption facility, Integrated Cryptographic Services Facility (ICSF) and Resource Access Control Facility (RACF) to storage management software and devices.

  • In a model similar to Microsoft's, EMC has instituted its Common Security Platform (CSP), a set of security requirements for all EMC products. CSP covers everything from the way products are built to access controls to logging.

  • Hitachi has embraced the ISO/IEC 21827:2002 Systems Security Engineering–Capability Maturity Model (SSE-CCM) to introduce security best practices in product development projects. Security testing has also transitioned from an ad hoc process to a formal phase in the QA cycle.
Smaller vendors such as Asigra, CipherMax and NeoScale Systems also deserve kudos for their storage security leadership. Are there others? There are certainly some that I have carelessly omitted, but many storage vendors still view security as a necessary evil to be sidestepped at all cost. These companies

Requires Free Membership to View

will likely learn the hard way.

The bottom line
Security is neither a product feature nor a sound bite for marketing pitches. It's a cradle-to-grave commitment that spans products, processes and personnel. Microsoft proved you can turn on a dime if you want to, and several leading storage vendors are following its example. Storage professionals should be wary of any vendor that hasn't made this transition.

This was first published in May 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: