This article can also be found in the Premium Editorial Download "Storage magazine: Big 3 backup apps adapt to disk."
Download it now to read this article plus other related content.
What storage security?
In the fall of 2005, GlassHouse surveyed hundreds of storage managers around the world about storage security and threats. We found a widespread understanding of security risks, but little response to these threats. When asked, "What grade would you give your storage department for security readiness?" 24% of respondents said "good," while 52% rated it "fair." However, only 20% regularly encrypt backup data, and more than half have no security procedures in place.
|Top priorities for 2005 and 2006|
This seeming contradiction is easy to reconcile--storage managers are simply not tasked to address security concerns. We all know the risks of losing backup tapes and allowing thieves access to confidential data, but we're unable to articulate these risks in such a way that gets the attention of the non-techies we work with.
I spoke with an IT staffer at a large bank that was recently embarrassed by a news account of a missing backup tape. This engineer had been suggesting that the company investigate encryption for years, yet no one placed a high enough priority on the issue. In addition, he felt that he couldn't put together a plan on his own. Therefore, data went out unencrypted and the bank had to notify its customers that their personal information was at risk.
Respondents to our survey were evenly split on whether losing private customer data or intellectual property was more important. Fifty-one percent felt that losing internal intellectual property was more critical than losing customer data, even though the latter is certainly more pressing to most businesses because of disclosure laws and the risk of bad press. This is a disturbing example of misplaced priorities--the company's legal priority (protecting customer information) isn't filtering down to the level of those who can act to protect it.
This was first published in April 2006