Security: The Elephant in the Storage Management Room


Want the latest storage insights?

Download the authoritative guide: Enterprise Data Storage 2018: Optimizing Your Storage Infrastructure

Let’s confront the two-ton elephant in the corner of the storage management room that no one wants to mention, let alone clean up after — yes, we're talking about enterprise storage security. While your company undoubtedly wants to improve business performance by providing more access to information, securing critical corporate data almost always entails limiting access to it.

With such a dichotomy, security can become a big job, absorb all your time and energy, and, at the end of the day, demand a big investment with no apparent effect on the product you deliver — except that it really does affect product delivery. Without it, you might not be able to deliver product or services; in fact, without it, you might even lose the business. Yikes!

You may be the one who brought the elephant into the room, especially with the call to action from experts in the field like the following from the Yankee Group: “In 2003, storage security will become an essential aspect of customers' deployment strategies as they find ways to expand their disaster recovery planning, deploy new storage networks that mix multiple network protocols, and develop plans to connect or consolidate disparate storage systems using metro SANs.”

But like most of us, you may still be peeking into the corner and just beginning to face up to the immense storage security challenge, so here are a few tips to get started.

  1. Make everyone understand that security is their responsibility, too. Yes, everyone in your organization. Remind them that if they write their passwords in the corner of their top left drawer or enter them in their PDAs, or if they tell a friend their password when the friend says, “I forgot mine and need to use your account to get something off the system,” the security measures you install are useless.

    If your employees think that IT will make sure all systems are secure, then they’re perched right on the end of that elephant’s trunk. Get your management, and their management’s management, involved and thinking of everyday ways to protect the enterprise’s corporate data assets and communicate them throughout the organization.

  2. Convince your management that you need specific security measures on your storage network — general enterprise security simply isn’t enough. Start with these three facts:

    • Theft of proprietary data costs the organization the most time and dollars. Help your management understand that it’s important to have security on all your storage resources, including the ones that leave with your employees every night (i.e. laptops).

    • Bone up on your regulations (or at least the basics) to explain how financial, securities, and government regulations such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Securities and Exchange Commission (SEC) Rule 17a-4(f), and the Food and Drug Administration (FDA) 21 CFR Part 11 can require your company to ensure data privacy. We’ll talk more about these in a future column.

    • Remind management that not all security breaches come from one direction — into the enterprise — as a large percentage may come from disgruntled employees, contractors, or staff with access to confidential data inside the firewall.

  3. Establish your security goals. Remember the regulation requirements you researched in tip #2 and anticipate them with a focus on confidentiality, integrity, and availability. Identify how each goal affects your business success and survival.

Page 2: Security Tips Continued...

Submit a Comment


People are discussing this article with 0 comment(s)