This article can also be found in the Premium Editorial Download "Storage magazine: Survey says storage salaries are climbing."
But now the phone is ringing off the hook. Users want to know what they should do first, while vendors are assessing how much security is needed in their products and when. This is a huge and very encouraging change, but storage security is a subset of a bigger topic: storage risk management.
I recently had the opportunity to discuss risk management with three storage security services firms: Computer Associates, GlassHouse Technologies and Kasten Chase. Each of these firms offers risk and gap analysis assessments that define problems; measures performance against industry standards like IT Infrastructure Library/IT Service Management (ITIL/ITSM), Committee of Sponsoring Organizations/Control Objectives for Information and related Technology (COSO/COBIT), or ISO 17799; and recommends remediation activities to address deficiencies and decrease overall storage risk.
These meetings were eye-openers to say the least. I heard horror stories, as well as a number of common mistakes worth detailing here. Before I do that, however, let me clarify what I mean by risk management as it relates to storage activities and infrastructure.
There's probably an official classification of risk, but to me storage risks can be defined as the following:
- An event or process that can lead to or extend storage downtime
- An event or process that can lead to data corruption or theft
This was first published in November 2005