Tip

Storage security: Enforcing policies and procedures that work

Storage security: Enforcing policies and procedures that work
By Linda Christie

According to the 2001 Top Ten Technology List published by The American Institute of Certified Public Accountants (AICPA), information security and control ranks as the number one concern in the CPA profession. However, Steve Munroe, chief operating officer for Interliant, a global provider of managed application hosting and professional consulting services, says that designing a secure storage architecture alone isn't enough.

"The majority of security breaches occur in-house," Munroe says. "You can architect great technology, but if you have a password problem, or if people are not following procedures, it won't do any good."

To improve the security for your data, Munroe recommends the following:

  • Perform routine backups of your operating system, programs, applications, and all data files. "Without backups, most businesses never fully recover from data loss," Munroe says. "Tapes should be stored in a fireproof vault with duplicates periodically sent to a secure facility offsite, not to an employee's home."
  • Separate your back-up network from main traffic. "Don't back up secured data over a network that everyone else uses," he says. "Restricting access to the back-up network will allow you to more effectively control access to back-up equipment and applications."
  • Make

Requires Free Membership to View

  • sure your back-up equipment, tape library, and tapes are kept in a secure area. "The room that houses your back-up server, tape library, and backup tapes should be locked," Munroe says. "Only authorized personnel should be allowed to enter this secured area."
  • Make sure that the personnel charged with performing backups are competent. "Train personnel in charge of performing backups to use written procedures that follow good security practices," he says.
  • Make sure all locations are using secure backup procedures. "If you have multiple locations, make sure someone at these remote facilities owns and follows back-up and security policies," he says.
  • Make sure that your security policies are being used. "Ignoring policies fosters cynicism and the belief that management isn't really concerned about security," Munroe says. "Conduct staff awareness and training programs emphasizing the importance of following backup procedures and maintaining security."

For additional information, read Interliant's white paper (in Adobe Acrobat format) entitled, "Network security: What you don't know can hurt you".

Additional resources:
* Check out searchStorage Best Web Links.

* Do you have any tips on storage security? Share your knowledge with your peers. Submit your own tip.

* For other topics of interest, check out our searchStorage Management Tips and Tricks discussion forum.

About the author: Linda Christie is a contributing editor based in Tulsa, Oklahoma. She's a regular contributor to our biweekly "Storage Management" newsletter pulished by searchStorage.

This was first published in July 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.