Robbing the (Data) Bank
Storage Security Scramble
According to analysts, there's no quick fix that will instantly protect enterprise storage assets. Instead, it requires a comprehensive, end-to-end enterprise solution.
"Companies need to assess the vulnerability of storage from multiple perspectives," maintains Marrone. "After assessing, they need to make sure they have every access point secured, and if they have particularly sensitive data, they should look into further protecting it through encryption of the data at rest."
Several companies have released appliances specifically designed to perform this type of encryption, including NeoScale Systems, Inc.'s CryptoStor FC, Vormetric, Inc.'s CoreGuard, and Decru, Inc.'s DataFort.
Kasten Chase Applied Research, meanwhile, takes a non-appliance approach with its Assurency Secured Network Storage.
"The vulnerability in using an appliance is that it doesn't scale as well," says Venkatacharya. "In addition, an encryption appliance can affect LUN masking [Logical Unit Number — an identifier used on a SCSI bus to distinguish between devices sharing that bus]."
In addition to the new storage security software and devices that are coming out, SNIA has been working with the industry to formulate much-needed standards for security.
"The Storage Security Industry Forum is working to establish best practices and to educate customers," says Hoff. "Security is 80% planning and 20% implementation."
The American National Standards Institute (ANSI), too, is addressing the area of security standards through the Fibre Channel Security Project (FC-SP). FC-SP operates under ANSI's Technical Committee T11, the body that works in the fields of Fibre Channel and storage network management.
The Internet Engineering Task Force (IETF) is also involving itself in the issue through its IP Storage Group (IPS). IPS is not developing its own standards so much as it is adapting those set by T11 and T10 (SCSI) for use in transmitting storage blocks over an IP network, rather than over Fibre Channel or SCSI. In particular, it is addressing the areas of security, naming, discovery, and configuration.
"The industry wants to establish one standard for security," Hoff continues. "We want to take the established networking best practices and adapt them to storage since network administrators already understand those standards."
With all these new standards, devices, and software hitting the market, security then comes down to that final 20% Hoff spoke of — implementing it on individual storage systems.
As the SQL Slammer worm illustrated, getting people to keep their systems secure is still a weak point. But if you don't, the IT-savvy progeny of Willie Sutton are standing by to pay your storage a visit.
This feature originally appeared on Datamation.