Even though the ILM infrastructure described here may be years away, firms should prepare in advance by putting the proper storage security policies, procedures and technologies in place today. Here are some of the things to consider:
- Storage security policies and procedures. Don't go off and purchase the latest storage security widget right away. Start by defining the appropriate storage security policies and procedures by forming a cross-functional team that includes business, IT, HR and legal folks. Each team member provides a unique contribution: Business people match storage security with business needs; HR ensures that employee rights are protected; legal focuses on compliance; and IT puts a technical bow around the whole package. The storage security policy should be easily understood by everyone in the organization.
- Data classification. ILM processes are anchored by strict data classification, but unfortunately, this can be a monumental task requiring professional services help and lasting several years. Rather than embark on a long monolithic project, companies should start small and strive for near-term results. For example, identifying compliance data for archiving or historical data for migration to low-cost storage can deliver immediate cost and operational benefits. During the classification process, firms should focus on both storage and security requirements. This way, information will be protected whether it is at rest, in flight or in use.
- Authentication. To avoid intentional spoofing or simple configuration problems, storage architectures need strong authentication. This will be especially true as ILM takes shape, distributes functionality and actively moves information from place to place. The Storage Networking Industry Association (SNIA) has already proposed a plan for Fibre Channel security (FC-SP) that takes advantage of existing authentication protocols such as CHAP and DH-CHAP, and standards such as RADIUS and LDAP. Storage networking vendors such as Brocade Communications Systems and McData Corp. have picked up on this effort, building security into their fabric infrastructure. Storage managers should embrace these products today so they are prepared as ILM begins to roll out.
- Encryption. The greater the distance that data travels, the more necessary encryption becomes to protect critical information. However, encryption isn't only about scrambling the bits. Enterprises will need to create, refresh and expire encryption keys, so the important policies, operations and storage for managing those keys must be tightly integrated into ILM. What's more, encryption helps automate a key ILM function--data deletion. Once encryption keys are expunged, encrypted files are as good as gone.
- Human resources. There is no getting around the fact that people will always be the weakest link in the security chain. Address this by conducting strict background checks on all new employees. You should also adopt security policies that define violations and specify consequences, and train all storage administrators on security best practices. The black hats know that the easiest way into a critical infrastructure like ILM is to find someone with access and con them into providing a ticket through the door.
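The key lifecycle from the Encryption item (create, refresh, expire) and deletion by expunging keys, shown as an added example that is not from the original article. `KeyManager` and its methods are hypothetical, and the SHA-256 counter-mode cipher is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets, time
def _subkeys(key):
    # Separate encryption and MAC keys derived from one stored master key.
    return [hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]
def _xor_stream(key, nonce, data):
    # Stand-in cipher (SHA-256 in counter mode) so this runs on the standard
    # library alone; a real deployment would use a vetted AEAD such as AES-GCM.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class KeyManager:
    """Hypothetical key store covering create, refresh, expire and expunge."""
    def __init__(self, max_age_s, now=None):
        self.max_age_s, self.keys, self.current = max_age_s, {}, None
        self.refresh(now)

    def refresh(self, now=None):
        kid = secrets.token_hex(8)  # new key id; older keys stay readable until expired
        self.keys[kid] = (secrets.token_bytes(32), time.time() if now is None else now)
        self.current = kid
        return kid

    def expunge_expired(self, now=None):
        now = time.time() if now is None else now
        dead = [k for k, (_, born) in self.keys.items() if now - born > self.max_age_s]
        for kid in dead:
            del self.keys[kid]  # every blob written under this key is now unreadable
        if self.current in dead:
            self.refresh(now)
        return dead

    def encrypt(self, plaintext):
        enc, mac = _subkeys(self.keys[self.current][0])
        nonce = secrets.token_bytes(16)
        ct = _xor_stream(enc, nonce, plaintext)
        tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        return {"kid": self.current, "nonce": nonce, "ct": ct, "tag": tag}

    def decrypt(self, blob):
        if blob["kid"] not in self.keys:
            raise KeyError("key expunged: data is unrecoverable")
        enc, mac = _subkeys(self.keys[blob["kid"]][0])
        want = hmac.new(mac, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(want, blob["tag"]):
            raise ValueError("ciphertext failed integrity check")
        return _xor_stream(enc, blob["nonce"], blob["ct"])
```

In production the keys would live in an HSM or key-management service, and expunging them there, including any backup copies, is what makes the deletion real.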
Today, ILM is a series of processes, but vendors are burning the midnight oil to turn their PowerPoint slides into revenue-generating products. Thus far, security has been left out of the ILM mix--a serious omission. While vendors play catch-up here, storage administrators should embrace security best practices. This will provide instant benefits and plant security seeds that will grow and prosper as ILM becomes real.
This was first published in May 2004