This article can also be found in the Premium Editorial Download "Storage magazine: A look inside Hitachi's TagmaStor high-end arrays."
Download it now to read this article plus other related content.
|Users see better policies leading security efforts|
How to upgrade storage security
Most companies believe that the best way to improve storage security is to improve policies and procedures, but users also want technology solutions. Forty-nine percent of respondents plan to add security features to existing storage products, while 17% say they will buy new storage-specific security products (see "Users see better policies leading security efforts").
But there's some question as to whether storage vendors are prepared to effectively support their customers. Asked to rate their storage vendors' commitment to security, 39% of the respondents said it was marginal; 7% said it was weak. (See "Vendors' security commitment in doubt")
Our survey sought to determine whether companies were aware of or needed storage security encryption and key security management technologies. Thirty-five percent said they weren't fully aware of the new technologies, and the 60% who were familiar with them either didn't see a need or needed more information (see "Encryption awareness high, use low"). It's likely that as storage networks continue to grow in capacity and geographically, encryption of data in flight will become a requirement.
Many companies are adopting security policies where users, IT administrators and digital packets are viewed as "untrustworthy." All connections are monitored, logged and filtered, and sophisticated tools are being used to capture and review behaviors.
|Vendors' security commitment in doubt|
To achieve a strong storage security profile, companies should:
- Integrate storage into corporate security policies. Thirty percent of respondents said their company's security policies didn't include storage. Security professionals must define secure storage products, configurations and operations. Storage managers must work with the security team to adapt security rules to storage and business requirements.
- Enhance storage security monitoring. Aligning storage with corporate security policies will help alleviate breaches by hardening storage equipment and mandating security methodologies. But breaches aren't the only problem--evidenced by the 20% of respondents who didn't know if they even had a storage security breach. Storage teams must monitor data center and storage system access as well as storage device log files.
- Increase cross training. Storage staffs don't know enough about security, and security teams aren't up to speed on storage. CIOs should mandate ongoing cross-training programs where the groups train each other.
- Articulate security needs to vendors. While 46% of respondents felt vendor commitments to storage security were marginal or weak, 52% of the users who said their IT departments were diligent about security rated their vendor commitment as strong. This suggests that users who insist on security get security, while more passive users don't. Storage managers must make storage security a priority in all vendor interactions, pushing vendors on feature sets and configurations.
|Encryption awareness high, use low|
This was first published in September 2004