Storage and security groups working together


This article can also be found in the Premium Editorial Download "Storage magazine: Low-cost storage pieces fall into place."

Download it now to read this article plus other related content.

Physical security
Many shops with an abundance of firewalls, intrusion detection systems (IDS) systems and virus protection software fail the physical security test. When it comes to physical security and storage, be sure to:
  • Place storage equipment in locked cages in the data center. During the client/server days, the general philosophy was to collocate systems with the users they supported. This was done for technical reasons (slow LAN speeds) and political reasons (distributed IT budgets). Those days are gone.
  • Adhere to a strict tape management policy. Security books are full of stories where rogue IT workers steal backup tapes to extort money from their employers. This opportunity is created through poor tape management practices. Take the necessary steps to avoid this problem through appropriate tape labeling, off-site rotation, backup encryption and secure tape storage procedures.
Of course, physical security depends on strict access control to secure data centers through methods such as smart cards, log files and visitor policies. While the storage team doesn't control these things, it can contribute to overall security through its input and cooperation with the security staff and a constant watchful eye.

Policies and procedures
Although the storage group won't be called on to develop security policies,

Requires Free Membership to View

compliance is mandatory. Particular attention should be paid to:
  • Change and configuration management: Sloppiness here inevitably leads to security vulnerabilities and downtime. Work with the entire IT staff to develop change management policies, procedures and documentation standards.
  • Data classification: Information value, age, useful life and personal association is often used to classify data into private sector categories such as public, sensitive, private and confidential. Once data is classified, the storage group is instrumental in the implementation process. Data classification is difficult, but it leads to improved security, lower costs and easier compliance with regulations.
  • BC/DR: The storage team plays a starring role in backup/restore procedures through BC and DR planning. Storage and security should work together on this.
Staff issues
The storage staff must be prepared to participate in the enterprise security effort. This will require:
  • Background checks: Experience with EMC, Brocade and Veritas can't forgive a rap sheet of felonious activities. All personnel must be screened appropriately.
  • Training: To add security skills to the mix, the storage team should receive specific security training on storage vulnerabilities, fixes and general security prevention, detection and reaction techniques. It's worthwhile to encourage the storage staff to take the Certified Information Systems Security Professional (CISSP) exam to broaden their knowledge base.
Final word
There's an old security saying that states the enterprise security chain is only as strong as the weakest link. The storage team should do what it must to ensure that it avoids this weakest-link distinction. The team should take proactive steps to fix existing people, process and technology security holes while preparing for future challenges.

This was first published in October 2003

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: