The business aspect of data storage security

This article can also be found in the Premium Editorial Download "Storage magazine: Survey says storage salaries are climbing."

Two years ago, I was one of the lone voices speaking about storage security. When I reached out to the storage community I couldn't get anyone--not users, vendors or services companies--to speak to me. I was one isolated dude.

But now the phone is ringing off the hook. Users want to know what they should do first, while vendors are assessing how much security is needed in their products and when. This is a huge and very encouraging change, but storage security is a subset of a bigger topic: storage risk management.

I recently had the opportunity to discuss risk management with three storage security services firms: Computer Associates, GlassHouse Technologies and Kasten Chase. Each of these firms offers risk and gap analysis assessments that define problems; measures performance against industry standards like IT Infrastructure Library/IT Service Management (ITIL/ITSM), Committee of Sponsoring Organizations/Control Objectives for Information and related Technology (COSO/COBIT), or ISO 17799; and recommends remediation activities to address deficiencies and decrease overall storage risk.

These meetings were eye-openers to say the least. I heard horror stories, as well as a number of common mistakes worth detailing here. Before I do that, however, let me clarify what I mean by risk management as it relates to storage activities and infrastructure.

There's probably an official classification of risk, but to me storage risks can be defined as the following:

  • An event or process that can lead to or extend storage downtime
  • An event or process that can lead to data corruption or theft

Obviously, a security breach or denial-of-service attack would fit into these categories, but the storage services folks I spoke with described other consistent risk areas around disaster recovery (DR), data management and storage controls.

This was first published in November 2005
