Database application data has a way of proliferating; as it does, storage and security concerns also grow.
Thirty-four states have them, eight states are evaluating them and eight more states have no imminent plans to have them. I'm not talking about gun control laws or other headline-grabbing regulations; I'm referring to information privacy breach laws. And it's not just happening at the state level--Washington is also getting into the act. The Enterprise Strategy Group (ESG) is following at least 30 information privacy laws being debated by the U.S. Congress. And if you do business internationally, you can look forward to a dozen or so country-specific regulations in Europe.
Why should storage architects, managers and administrators care about this? Right now, most of the focus is on breach laws that define remediation processes and penalties once personal and confidential information is accessed by unauthorized individuals. Regulations currently being debated, both domestically and abroad, center more on preventive measures to thwart data breaches. If these laws gain momentum, IT may feel the pain because the threats are both external (hackers and other black hats) and internal (user errors and disgruntled employees).
Because storage and tape systems are the final resting places for most corporate information, many organizations have deployed encryption appliances that secure data at rest. But that may not be enough. The way applications and databases interact with the storage infrastructure poses additional risk of data breaches or, at the very least, presents the opportunity for unauthorized access to sensitive information. For example, database administrators often create replicas of tables and instances to test new application features. These copies--containing bank account information, credit card numbers, employee addresses and other confidential data--are stored on vulnerable secondary storage systems while the work is being done.
It might be easy to point fingers and call this a "database admin's problem," but storage teams, along with their database counterparts, can improve the security of their test and development environments and get some benefits in return.
Batten down that database
ESG research indicates that, on average, organizations classify 54% of their database content as confidential, and a large portion of this data is retained on a centralized storage infrastructure. That makes security the database and storage groups' problem.