How to build a storage security strategy for your enterprise


This article can also be found in the Premium Editorial Download "Storage magazine: Evaluating the benefits of IP SANs."

Download it now to read this article plus other related content.

Given the complexity of IT infrastructure, it's easy to cut corners or get lost in details, but doing so can open security holes for would-be attackers. To overcome this, IT must structure day-to-day activities such as configuration management, change management and patch management. Storage administrators will need to adhere to enterprise IT processes here. The information technology infrastructure library (ITIL) and control objective for information and related technology (CobiT) are well-regarded models here. IT governance will require training and process changes for the storage team, but it will be worth the effort. Not only will security improve, but having standard processes will lower overall operating costs as well.

Once these five steps are accomplished, companies can move on to address industry and company-specific security concerns. For example, financial services firms need policies to deal with the Gramm-Leach-Bliley and USA Patriot acts, while health care companies must be concerned with HIPAA. With these policies in place, IT can finally expose security vulnerabilities and address them through the right security technologies.

Once again, before implementing storage-based security, storage professionals should coordinate with their peers in networking, application, database and systems groups to create a comprehensive security infrastructure that meets all the corporate objectives. As the protectors of the corporate data, storage professionals

Requires Free Membership to View

will be critical to achieving this goal.

Every IT professional should be concerned about security and storage is no exception. But acting on storage security alone is like putting a deadbolt on your front door while leaving all your windows open. Storage professionals should do all they can to secure their domain while working with business and IT peers to make security part of the IT and corporate culture. This will go a long way toward making storage and the corporation at large more secure.

This was first published in July 2003

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: