Article

Users say storage security is shaky at best

Kevin Komiega

Firewalls are fine for securing a network perimeter, but they do little to secure data while it is at rest. Storage security is often overlooked, but a new survey points out that users are definitely on edge about hardening their storage area networks.

Concerns about storage security weigh heavily on the minds of today's IT managers. A recent survey by Toronto-based Kasten Chase, a data storage security startup, shows that storage area network (SAN) operators are worried about the level of data security in their storage environments.

Of the 103 users that responded to the survey, which was conducted during three trade shows, 94% indicated that their clients are increasingly concerned about the level of data security used to protect the confidentiality of their personal information. A whopping 97% of respondents agreed that customers and investors might lose confidence and trust in their companies if they could not demonstrate that an appropriate level of storage security is being used to protect their data.

Hari Venkatacharya, chairman of the Secure Networked Storage Advisory Council and senior vice president at Kasten Chase, said the gathering storm of industry anxiety over storage security comes from exponential storage capacity growth, emerging regulatory and compliance issues, and the glaring vulnerabilities that exist in today's storage networks.

"One of the reasons we did this survey was [that there is] so much qualitative information

Requires Free Membership to View

out there on secure storage, but no quantitative information. Now we have some real numbers on the importance of secure networked storage," Venkatacharya said.

John Chirillo, senior Inter-networking engineer at technology management company ValCom and the author of Storage Security: Protecting, SANs, NAS and DAS, said there is a growing concern among his clients as well.

"Storage security has been sorely overlooked," he said. "With the rapid release of new software and hardware and the progression of technology and processing power, the threat of further loss is imminent. We simply must equally integrate security throughout the infrastructure and should not depend so much on robust perimeter security, such as firewalls."

The Evaluator Group Inc.'s Randy Kerns, a senior technology analyst, said that typical security for today's storage devices addresses device access. He said that, in reality, there are multiple elements to security for storage that need to be considered, including device access, access to the data in transit, data protection through encryption and management access to a device.

Kerns said the biggest problem is data on the move. "All of the security announcements show improvements in control of access to storage devices," he said. "None really address data in transit."

Technology alone will not solve the problem. The only way security holes can be plugged, according to Kerns, is through a layered set of protections that are part of an overall storage strategy.

"The features on the products will be a part of that solution, but only a part. Without a comprehensive plan, they can't be effectively utilized," he said.

Let us know what you think about the story. E-mail Kevin Komiega, News Writer

Brocade tightens fabric security

Research: Storage security shoddy

Download the security survey free of charge

Comment on this article in the SearchStorage.com Discussion forums


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: