This article can also be found in the Premium Editorial Download "Storage magazine: Storage managers give thumbs up to IP storage."
Download it now to read this article plus other related content.
|Outsourcing safety guide|
Is outsourcing secure?
When I ask IT managers what's the one thing that keeps them from going to a public storage solution, security is their most common concern. They're not worried about a physical breach in the network cable because that's protected by fiber's inherent sensitivities to the loss of light. Their concerns involve the physical security of the storage facility, and the SAN security policies evident in its networks.
The concerns regarding physical breaches in security are real, but for the most part shouldn't be a cause for concern. When was the last time you heard of a company's data or Web site being compromised from within the walls of the organization? Hollywood movies often depict an actor walking up to a data center and plugging their laptop directly into the network. But in reality, that rarely happens because multiple levels of security must be compromised to gain physical access.
However, the lack of exclusive SAN security policies is a real concern. Will my applications have separate physical fabrics, or will they be sharing name servers and other well-known services available in the SAN? Will I be sharing storage ports with applications from other organizations? What kind of zoning and LUN security policies does the public storage vendor have in place? These are just some of the questions that storage administrators need to have answered before trusting their online data to an off-site vendor.
With public storage for your home or office furnishings, each storage space may share an adjoining wall. However, if the actual space used for storage is separate and distinct, there's only one way in and one way out. And as for physical access, most of these facilities are gated and armed with security codes needed to gain entrance to the storage space. In the data storage world, this same functionality can be had with encryption. Each application server and storage resource could pass encrypted strings that map members of a zone.
But physically separating customers in a public storage solution doesn't make economic sense for the utility company. And unless you are looking to use their location and services for an extended time, purchasing separate equipment for short-lived projects doesn't make good business sense either. Consider hiring a SAN security expert to tour and interview the potential utility to see if your applications can be compromised by the outside world.
Another potential problem is the staff of the storage utility. You have no direct control over the amount of knowledge and experience the engineer assigned to your account will have, nor over their actions should they become disgruntled. What insurance will you have against the errors and omissions of their employees? Are they bonded?
Innovative hardware functionality has always enabled power applications, and power applications have always driven hardware solutions. Public data storage solutions have yet to reach their potential because of a lack of applications to fulfill consumer needs at the right price.
When application service providers start developing applications targeted toward more common users of data storage (i.e., digital homes, phones and cameras), and it becomes easier, cheaper and more secure to manage your entire data store apart from your computing environment, we may be able to provision and access public storage for our corporate applications as well as for uploading the digital images that have become so much a part of our daily lives.
This was first published in April 2004