I can't remember anything that's lit a fire under the industry as much as information life cycle management (ILM)....
The Enterprise Storage Group (ESG), Milford, MA, defines ILM as a series of technologies and processes that enable resource optimization, effective data protection and superior application performance. While ILM may be years away, it will likely involve a number of storage services that automate data movement based upon attributes such as business rules, operational policies and protection requirements.
No doubt about it, the ILM vision provides some valuable storage-focused qualities. But will it be secure? Hey, I can't help it--we security geeks look at new technologies and ask questions like, "What kind of damage could I do?" And of course, "How could I cover my tracks so I wouldn't get caught?"
The unfortunate conclusion I have come to is the current ILM plan either minimizes or totally ignores security, and this isn't a small snafu--it's a major omission.
According to a recent Price Waterhouse survey, corporate executives state that more than 70% of a company's market value lies in its intellectual property (IP). What's more, IP theft can be extremely costly. According to the 2003 Computer Security Institute/Federal Bureau of Investigation (CSI/FBI) security survey, "theft of intellectual property" was identified as the costliest type of security breach (by 35% of respondents) followed by denial of service attacks (33%), viruses (14%) and insider net abuse (6%).
So what's the security concern with ILM? Imagine that it's 2007 and ILM provides services for functions such as data movement, infrastructure management, meta data tagging and policy management. ILM further presents a centralized view of the information assets and infrastructure, regardless of where the information actually is stored. Skilled hackers could attack this architecture in several ways:
- Direct attack on the ILM infrastructure. Assume that ILM will coordinate activities via IP over LANs, WANs and the Internet. This makes sense, given the preponderance of IP services and IP storage momentum. The problem here is that IP communications mean many network and application layer security vulnerabilities may leave ILM exposed. If hackers gain access to ILM, they could discover administrator passwords so that illicit activities would look like the activities of a legitimate storage administrator. They could alter policies so that important corporate data could be deleted immediately. They could also corrupt the meta data repository, destroying important information attributes or steal valuable data to extort money or sell it to the highest bidder.
- Sniff the network. As ILM distributes the control and data paths over geographic distances, it will become a sitting duck. Hackers could sniff the network and have access to a treasure chest of information. Worse, they could alter information by using a man-in-the-middle attack. After being paid off by an unscrupulous competitor, a network administrator could intercept ILM information and alter policies so that critical data could be marked for deletion. This would certainly cause a serious business disruption.
Even though the ILM infrastructure described here may be years away, firms should prepare in advance by putting the proper storage security policies, procedures and technologies in place today. Here are some of the things to consider:
- Storage security policies and procedures. Don't go off and purchase the latest storage security widget right away. Start by defining the appropriate storage security policies and procedures by forming a cross-functional team that includes business, IT, HR and legal folks. Each team member provides a unique contribution: Business people match storage security with business needs; HR ensures that employee rights are protected; legal focuses on compliance; and IT puts a technical bow around the whole package. The storage security policy should be easily understood by everyone in the organization.
- Data classification. ILM processes are anchored by strict data classification, but unfortunately, this can be a monumental task requiring professional services help and lasting several years. Rather than embark on a long monolithic project, companies should start small and strive for near-term results. For example, identifying compliance data for archiving or historical data for migration to low-cost storage can deliver immediate cost and operational benefits. During the classification process, firms should focus on both storage and security requirements. This way, information will be protected whether it is at rest, in flight or in use.
- Authentication. To avoid intentional spoofing or simple configuration problems, storage architectures need strong authentication. This will be especially true as ILM takes shape, distributes functionality and actively moves information from place to place. The Storage Networking Industry Association (SNIA) has already proposed a plan for Fibre Channel security (FC-SP) that takes advantage of existing authentication protocols such as CHAP and DH-CHAP, and standards such as RADIUS and LDAP. Storage networking vendors such as Brocade Communications Systems and McData Corp. have picked up on this effort building security into their fabric infrastructure. Storage managers should embrace these products today so they are prepared as ILM begins to roll out.
- Encryption. The greater the distance that data travels, the more necessary encryption becomes to protect critical information. However, encryption isn't only about scrambling the bits. Enterprises will need to create, refresh and expire encryption keys. So important management policies, operations and storage must be tightly integrated into ILM. What's more, encryption helps automate a key ILM function--data deletion. Once encryption keys are expunged, encrypted files are as good as gone.
- Human resources. There is no getting around that people will always be the weakest link in the security chain. Address this by conducting strict background checks on all new employees. You should also adopt security policies that define violations and specify consequences as well as train all storage administrators on security best practices. The black hats know that the easiest way into a critical infrastructure like ILM is to find someone with access and con them into providing a ticket through the door.
Today, ILM is a series of processes, but vendors are burning the midnight oil to turn their PowerPoint slides into revenue-generating products. Thus far, security has been left out of the ILM mix--a serious omission. While vendors play catch up here, storage administrators should embrace security best practices. This will provide instant benefits and plant security seeds that will grow and prosper as ILM becomes real.