Storage Management Strategies for the CIO
This article can also be found in the Premium Editorial Download "Storage magazine: Lessons learned from creating and managing a scalable SAN."
Download it now to read this article plus other related content.
First steps to security Fast forward to today, and there's an obvious change in the market. More than ever, users get it--CIOs, storage executives, compliance officers and legal teams are pushing their storage vendors to add security features to products. The refreshing thing is that vendors get it, too--they're adding security features to all kinds of storage products. Storage industry leaders like Computer Associates, EMC, Hewlett-Packard, IBM and Symantec have introduced professional service offerings focused on storage security. These include a variety of assessment services, data classification, storage infrastructure security and security implementation. System vendors are actively partnering with security firms like CipherOptics, Decru and NeoScale, while others like Quantum and Spectra Logic are adding cryptographic capabilities to their technologies.
These are extremely worthwhile, albeit long overdue, developments in my view, and a logical first step to finally addressing security. If you were going to secure your house, it would certainly be prudent to start by inspecting the condition of all the windows, doors and locks before installing motion detectors and alarms. I applaud this essential effort, but I'm here to tell you that it's just not enough anymore.
What's the problem? Basic storage security presumes that the storage environment is relatively static. By focusing on storage security, we tend to view storage in isolation as a basic
Requires Free Membership to View
I/O infrastructure that houses a bunch of ones and zeros--heck, even the term "storage security" sounds like a niche discipline. The storage crowd shouldn't take this news too hard; security professionals have made this same mistake for years, implementing a bunch of firewalls and intrusion-detection systems to secure the network instead of instituting comprehensive defenses to protect the business.
Today's storage is intelligent, distributed and intertwined with all the other layers of the IT infrastructure. As an industry, we've even defined a new term--information lifecycle management (ILM)--to describe how intelligent storage systems can add value to the business. This is precisely the leap of faith now needed regarding information security. With that in mind, ESG believes storage security as a concept is obsolete and should be replaced with a new discipline called information lifecycle security (ILS).
I know this sounds like analyst mumbo jumbo, but bear with me as there's a fundamental difference here. While storage security concentrates on physical devices and discrete infrastructure, ILS focuses on the information itself. Furthermore, as the name implies, ILS defenses change over time as information ages and its value decreases.
This was first published in July 2006
Join the conversationComment
Share
Comments
Results
Contribute to the conversation