Home > Storage Technology Tips > > Be safe, not sorry -- addressing the business side of storage security

	Storage Tips:	EMAIL THIS

	TIPS & NEWSLETTERS TOPICS

	Be safe, not sorry -- addressing the business side of storage security Vijay Ahuja 06.18.2003 Rating: -2.50- (out of 5) Digg This!     StumbleUpon     Del.icio.us    [TABLE]

Just like any other investment, storage security must be evaluated as a part of company's business model. Corporate management often encounters difficulties in justifying such investments that have no direct addition to the bottom line. There is no simple answer to this complex issue. Quite often, storage security is presented as a solution against a variety of potential threats and risks. Various studies have touted a variety of risks and threats, varying from virus attacks to theft of critical assets. But management needs more than "what if" scenarios.

This column outlines some approaches to address the business side of storage security. It addresses the business issues that management should consider when deciding on investment in storage security.

There are some approaches out on computing Return on Security Investment (ROSI). One simple approach for estimating ROSI is to first identify the critical assets of the corporation. Next, compute the estimate of damage (of an attack) on each asset, times the likelihood (or probability between 0 to 1) of its occurrence. In a simplistic approach, this number should not exceed the amount of investment to prevent this attack.

So, what are the other non-financial business issues that should also be considered when deciding on storage security investment?

First is the issue of recent legislative moves aimed at protecting privacy. This includes: Healthcare Industry – Health Insurance Portability and Accountability Act and Financial Services – Graham-Le

To continue reading for free, register below or login

Requires Membership to View

To gain access to this and all member only content, please provide the following information (all fields required):

First Name:
Last Name:
Country: Select... Afghanistan Aland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory British Virgin Islands Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, Democratic Republic of Cook Islands Costa Rica Cote D'Ivoire Croatia Cuba Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia, The Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard and McDonald Islands Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, North Korea, South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malawi Malaysia Maldives Mali Malta Man, Isle of Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands Netherlands Antilles New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestine Panama Panama Canal Zone Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Reunion Romania Russia Rwanda Saint Helena Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia and Montenegro Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard Swaziland Sweden Switzerland Syria Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu U.S. Minor Outlying Islands Uganda Ukraine United Arab Emirates United Kingdom United States Uruguay Uzbekistan Vanuatu Vatican City Venezuela Vietnam Virgin Islands Wallis and Futuna Islands Western Sahara Yemen Zambia Zimbabwe
Email Address:

I would like to receive a FREE subscription to Storage magazine online.
YesNo

Do you manage, evaluate, recommend, implement, support or purchase storage products, software or services?
YesNo

What is your average annual expenditure on storage including hardware, software and services?
Please select... $20 million + $10 to $19.9 million $5 to $9.9 million $1 to $4.9 million $500K to $999K $250K to $499K Less than $250K None

What is your role in purchasing?
Technical decision maker
Financial decision maker
Determine need
Evaluate products/services
Recommend and specify products/services
Implement products/services
None

By joining SearchStorage.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

Second, there may be certain security issues resulting from corporate audits, third party audits (such as by audit firms) or government audits. Such audits may mandate the need to protect certain data while in flight or rest. Any use of storage security technology to address the audit issues will have a better chance of getting the funding.

The third consideration is to consider the impact of downtime resulting from any of the attacks such as denial of service. Based on such impacts, storage security investments may be funded as part of the emerging need for business continuity initiatives. Most large businesses are deploying comprehensive plans to support disaster recovery.

The fourth aspect relates to corporate mandates. For large corporations, there may be a corporate mandate that may include funding for data protection.

Finally, often businesses, when talking of storage environments, translate data protection to data backup. The storage industry has done little to differentiate data security vs. data availability. This confusion has led, at times, to sidelining storage security investment in favor of data backup and restore services.

So, in summary the business executive should:

1. Treat the investment in storage security just as any other business investment.
2. Do not simply focus on technical risks to justify investment in storage security.
3. Consider the above business issues to support your justification for investment in storage security.

Rate this Tip To rate tips, you must be a member of SearchStorage.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Find Data Backup Analysis and Server Storage Channel Solutions The Data Domain Data DeDuplication Center - Data Retention, Replication and Recovery

	View this month\\'s issue and subscribe today. Apply online for free conference admission.

	SEARCH :     Site Index Powered by:  About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines. TechTarget Corporate Web Site  |  Media Kits  |  Site Map All Rights Reserved, Copyright 2000 - 2009, TechTarget | Read our Privacy Policy