Firewalls are fine for securing a network perimeter, but they do little to secure data while it is at rest. Storage security is often overlooked, but a new survey points out that users are definitely on edge about hardening their storage area networks.
Concerns about storage security weigh heavily on the minds of today's IT managers. A recent survey by Toronto-based Kasten Chase, a data storage security startup, shows that storage area network (SAN) operators are worried about the level of data security in their storage environments.
Of the 103 users that responded to the survey, which was conducted during three trade shows, 94% indicated that their clients are increasingly concerned about the level of data security used to protect the confidentiality of their personal information. A whopping 97% of respondents agreed that customers and investors might lose confidence and trust in their companies if they could not demonstrate that an appropriate level of storage security is being used to protect their data.
Hari Venkatacharya, chairman of the Secure Networked Storage Advisory Council and senior vice president at Kasten Chase, said the gathering storm of industry anxiety over storage security comes from exponential storage capacity growth, emerging regulatory and compliance issues, and the glaring vulnerabilities that exist in today's storage networks.
"One of the reasons we did this survey was [that there is] so much qualitative information out there on secure storage, but no quantitative information. Now we have some real numbers on the importance of secure networked storage," Venkatacharya said.
John Chirillo, senior Inter-networking engineer at technology management company ValCom and the author of Storage Security: Protecting, SANs, NAS and DAS, said there is a growing concern among his clients as well.
"Storage security has been sorely overlooked," he said. "With the rapid release of new software and hardware and the progression of technology and processing power, the threat of further loss is imminent. We simply must equally integrate security throughout the infrastructure and should not depend so much on robust perimeter security, such as firewalls."
The Evaluator Group Inc.'s Randy Kerns, a senior technology analyst, said that typical security for today's storage devices addresses device access. He said that, in reality, there are multiple elements to security for storage that need to be considered, including device access, access to the data in transit, data protection through encryption and management access to a device.
Kerns said the biggest problem is data on the move. "All of the security announcements show improvements in control of access to storage devices," he said. "None really address data in transit."
Technology alone will not solve the problem. The only way security holes can be plugged, according to Kerns, is through a layered set of protections that are part of an overall storage strategy.
"The features on the products will be a part of that solution, but only a part. Without a comprehensive plan, they can't be effectively utilized," he said.
Let us know what you think about the story. E-mail Kevin Komiega, News WriterBrocade tightens fabric security Research: Storage security shoddy Download the security survey free of charge Comment on this article in the SearchStorage.com Discussion forums