Storage.com

storage security

By Paul Kirvan

What is storage security?

Storage security is the group of parameters and settings that make storage resources available to authorized users and trusted networks and unavailable to other entities. Storage security can encompass hardware management, application development, network security controls, communications protocols, organizational security policies, physical security and user behavior.

Storage security also includes a range of issues, including network security and cyberthreats. Protection must be provided against online threats such as viruses, worms, Trojans and other malicious code.

Why is storage security important?

Storage is where data resides. It is also where users and applications interact with data either directly or indirectly. An effective storage security strategy is essential in preventing unauthorized access to data and underlying storage systems. It is also important in ensuring authorized users have the access they need for their jobs.

Most organizations use multiple security measures as part of their access control efforts to prevent hackers or unauthorized users from accessing data. Even so, when an organization is attacked, storage security is often the last layer of defense against malware or other cyberthreats. That makes it even more important for IT teams to protect their storage systems.

However, storage security isn't an isolated effort. It must be part of a larger, organizationwide data management strategy that protects sensitive data from being compromised no matter where it resides.

Many enterprises use storage area networks (SANs) for data storage. When planning SAN security, IT teams should consider the following:

Types of secure data storage and who is responsible

Data is stored primarily on local hard disk drives and solid-state drives, network-attached storage devices, RAID storage systems, cloud storage services and magnetic tape. Security measures, such as encryption and access controls, must be added to each medium to protect data from unauthorized access and other malicious attacks.

Within a data center, a data storage team is responsible for all aspects of data management, which includes storage security. Organizations that don't use a data center have a member of their IT team handle storage security issues.

Shifting storage activities to a cloud storage provider means that users must depend on the cloud storage security provided by the service and its security teams. When implementing a service-level agreement with a third-party organization, the SLA should address storage security.

Storage security management and methodology

Storage security management is the process of ensuring an organization's storage systems and data are fully protected in accordance with its security requirements. This includes data that resides within the storage systems, as well as data in transit to and from those systems.

Storage security management is broader than simply safeguarding the drives themselves. It must consider every attack vector that could lead to compromised storage systems and exposed data.

IT teams responsible for storage security must carry out several tasks to protect data resources, including the following:

The following criteria can help determine the effectiveness of a storage security methodology.

  1. The cost of implementing the system should be a small fraction of the value of the protected data.
  2. The cost to a hacker, in terms of money and real-time activities, to compromise the system should be more than the protected data is worth.

Common data storage security threats and vulnerabilities

There are many threats to an organization's data, ranging from malicious attacks to accidental data loss. Some of the more common threats include the following:

Data security vs. data protection

The term data security and data protection are often used interchangeably, but they refer to two different data management strategies.

Although data security and data protection are two different concepts, they are related. For instance, if an organization is targeted by a ransomware attack, its data security might be able to stop the attack. But if the attack succeeds, the organization's data protection mechanisms -- its backup and restore processes -- can get the data back without paying the ransom, assuming the backups have not also fallen victim to the cyberattack.

If data protection is poorly implemented, it can create additional security risks. For example, an organization might back up its data to tape without encrypting the backups. An insider could steal the backup tape to gain access to the data.

Data security and compliance considerations

Organizations in regulated industries must examine any applicable compliance requirements when deciding how best to secure their data. Regulations such as the following focus heavily on data security and privacy:

Domestic and international standards for storage security must also be considered. Key standards include the following:

Regulatory requirements vary, sometimes significantly. Nevertheless, they commonly establish mandates that govern how data should be stored. For instance, most regulations require all sensitive data to be encrypted. Many specify retention requirements.

Although the various regulations establish storage security requirements, they usually leave it up to the individual organization to choose the methods and mechanisms to use to meet those requirements.

Best practices for securing data

Entire books have been written on keeping data secure. Even so, there are several best practices that organizations should follow when protecting their storage systems and data.

Artificial intelligence and object storage play a major role in data storage security. Learn how they figure into the top data storage security best practices.

07 Mar 2024

All Rights Reserved, Copyright 2000 - 2024, TechTarget | Read our Privacy Statement