This article can also be found in the Premium Editorial Download "Storage magazine: Evaluating the benefits of IP SANs."
Given the complexity of IT infrastructure, it's easy to cut corners or get lost in details, but doing so can open security holes for would-be attackers. To overcome this, IT must structure day-to-day activities such as configuration management, change management and patch management. Storage administrators will need to adhere to enterprise IT processes in these areas. The Information Technology Infrastructure Library (ITIL) and Control Objectives for Information and related Technology (CobiT) are well-regarded models for such processes. IT governance will require training and process changes for the storage team, but it will be worth the effort. Not only will security improve, but having standard processes will lower overall operating costs as well.
Once these five steps are accomplished, companies can move on to address industry- and company-specific security concerns. For example, financial services firms need policies to deal with the Gramm-Leach-Bliley and USA Patriot acts, while health care companies must be concerned with HIPAA. With these policies in place, IT can finally expose security vulnerabilities and address them through the right security technologies.
Once again, before implementing storage-based security, storage professionals should coordinate with their peers in networking, application, database and systems groups to create a comprehensive security infrastructure that meets all the corporate objectives. As the protectors of the corporate data, storage professionals
Every IT professional should be concerned about security, and storage is no exception. But acting on storage security alone is like putting a deadbolt on your front door while leaving all your windows open. Storage professionals should do all they can to secure their domain while working with business and IT peers to make security part of the IT and corporate culture. This will go a long way toward making storage and the corporation at large more secure.
This was first published in July 2003