Home
Topics
Data Protection
Secure data storage
Is encryption enough?

Is encryption enough?

Ezine

This article can also be found in the Premium Editorial Download "Storage magazine: What to do when storage capacity keeps growing."

Download it now to read this article plus other related content.

1
2
3
4
5
6

Management tools are accessed through servers that connect directly to the SAN. "The Achilles' heel of SAN security is that the management interfaces to the storage devices are sitting on the corporate LAN," says W. Curtis Preston, vice president of data protection at GlassHouse Technologies Inc., Framingham, MA. At a minimum, he says, managers should regularly change the passwords to management tools.

Establishing effective access control for storage is problematic at this point. "No one has strong role-based access control, the kind that will let you control access at the command line," says SNIA's Budnik. He expects such role-based security to emerge over the next two years.

In addition to access control is identity management. Storage managers, however, can't do much on their own about identity management. "The tools are mainly in the application stack," says TheInfoPro's Stevenson. "Storage people often see identity management as the responsibility of the DBA or application developers."

This kind of finger-pointing is typical of the breakdowns that lead to security breaches. The solution calls for storage, corporate security, network and application teams, and business managers to work out a set of policies and procedures together.

"What we've seen is that policies are the key to security," says Jot Gill, an information management consultant now building a strategic consulting practice at Network Appliance Inc. "This is not a

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

device layer issue or an application layer issue--it is a business issue." Such a policy effort, he adds, should even include input from--heaven forbid--lawyers and accountants.

This requires cooperation among all players. "The struggle we're seeing with our customers is who drives the policy," says Forsythe's Arland. "The storage people can take some basic security measures, but you really need an overall security policy on the corporate level."

1
2
3
4
5
6

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary

This was first published in June 2006

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

More from Related TechTarget Sites

Solid State Storage
Virtual Storage
Cloud Storage
Disaster Recovery
Data Backup
Storage UK
Storage Channel

searchSolidStateStorage
- Law firm uses NexGen hybrid array to keep cases moving
  
  Ohio law firm uses a NexGen solid-state, HDD hybrid storage array to provide the IOPS needed to keep its litigation and e-discovery practices moving.
- The top three use cases for PCIe SSD
  
  Learn more about the most common applications of PCIe solid-state cards today in this Expert Answer from independent storage expert Marc Staimer.
- Laptop SSD applications and monitoring
  
  Learn what applications benefit from laptop SSDs and what tools are available to monitor wear on these drives in this Expert Answer from Marc Staimer.
Virtual Storage
- Startup CloudFounders builds open storage for VMs
  
  CloudFounders promises an open storage version of software-defined storage that supports OpenStack, Amazon S3 and VMware.
- 10 ways to improve virtual server storage
  
  Virtual server storage operations can have a profound effect on the storage network. Here are 10 ways to help ensure that your storage yields its best I/O for the VMs it supports.
- VMware market share is high in a small pool of virtualization
  
  Storage expert Jon Toigo explains how VMware is the market leader, and why virtualization growth statistics seem more impactful than they truly are.
CloudStorage
- Data durability guarantees shouldn't be big concern with cloud storage
  
  Data durability guarantees of cloud storage providers shouldn't be a big point of concern for customers; they're too tough to measure and enforce.
- TwinStrata bumps up CloudArray DR capabilities
  
  A new version of the TwinStrata CloudArray gateway can recover data and applications off the cloud for DR without having to rebuild servers.
- Hitachi Data Systems launches HCP Anywhere for online file sharing
  
  Hitachi Data Systems addresses online file sharing through HCP Anywhere as part of its Hitachi Content Platform (HCP) object cloud storage system.
searchDisasterRecovery
- Your data protection plan must consider latency in WAN-based replication
  
  In this Storage Decisions video, Jon Toigo highlights issues IT pros must address in their data protection plan when using WAN-based replication.
- Improving business continuity plan exercises
  
  Planning and conducting business continuity (BC) drills is one of the most important activities in a business continuity program.
- Evaluating BC/DR program performance
  
  Business continuity and disaster recovery are not "set-it-and-forget-it" activities. Paul Kirvan outlines how to evaluate a BC/DR program in this tip.
searchDataBackup
- The pros and cons of integrated backup appliances
  
  Find out whether integrated backup appliances with backup software, server and storage offer any benefits beyond ease of installation.
- Quantum vmPRO adds LTFS tape support, DXi V-Series gains capacity
  
  Quantum upgrades its vmPRO virtual machine backup appliance, supporting 24 TB of pre-deduped data and LTFS tape in a virtual appliance.
- Veeam Software adds WAN acceleration, tape support for VM backup
  
  Veeam upgrades its virtual machine backup software, building WAN acceleration and native tape support into Backup & Recovery v7.
searchStorageUK
- Dell cloud storage plans remain hazy
  
  News of a Nirvanix partnership filled in some details about Dell's cloud storage strategy, but the company still treats its cloud plans as a secret.
- Storage Radio: Riverbed Whitewater appliance chases enterprise
  
  In our latest Storage Radio podcast, SearchStorage.com editors discuss the Riverbed Whitewater cloud data backup appliance for enterprise backups.
- Finding data deduplication solutions for DR
  
  Deduplication is an important strategy for disaster recovery. Learn more about data dedupe solutions in this expert tip by Paul Kirvan.
searchStorageChannel
- Hitachi Data Systems Partner Program Checklist
  
  Learn the benefits of becoming a Hitachi Data Systems reseller partner with our Partner Program Checklist.
- Yosemite Technologies Partner Program Checklist
  
  Learn the benefits of becoming a Yosemite Technologies reseller partner with our Partner Program Checklist.
- CommVault, Inc. Partner Program
  
  Learn about data management software vendor CommVault, Inc.'s partner program in this standardized checklist.

All Rights Reserved,Copyright 2000 - 2013, TechTarget