Leaping Hurdles to Safeguard the SAN
The horror stories on storage "insecurity" keep rolling in.
Just in the past month, someone stole the personal information for nearly 120,000 Canadians from Revenue Canada; a bank inadvertently sent detailed information on hundreds of thousands of customers to eBay for auction; and two men posing as computer technicians walked in and out of Sydney Airport, wheeling two computers containing customer databases right out the door in plain view of security guards.
"Managers who know security is a huge problem at the corporate level don't always recognize how insecure their storage networks really are," says Jamie Gruener, a Yankee Group analyst. "Storage security is now emerging as a significant new focus for enterprises and government as part of their compliance and risk management initiatives."
Let's take a look at the increasing prevalence of Storage Area Networks (SAN) insecurity and what IT managers can do to safeguard their storage assets.
There is no doubt that modern-day storage management has greatly increased the value and availability of corporate data. No longer are businesses held ransom by one or two individuals who are the only ones privy to vast stores of data. Under that model, you had to put in a request for a report or some specific data, and after a few days – or even weeks in some cases – you got what you wanted.
But at least that system was relatively secure.
Nowadays, virtualization, storage pooling, and platform/vendor-agnostic architectures make data instantly available across the planet, primarily using the Internet Protocol (IP). But such freedom comes at a price.
The more available data is, the higher the risk of incursion. In response, most companies implement stringent network safeguards. They reason that a combination of anti-virus software, firewalls, and intrusion detection equals a protected SAN. This is faulty logic.
"Most SANs are like M&M's," says Clement Kent, CTO of storage security vendor Kasten Chase Inc., a storage security vendor based in Mississauga, Ontario. "They are hard and crunchy on the outside, and soft on the inside."
The soft center results from the fact that the data within the average SAN lies unprotected. While not a problem if an intruder can't get past the front gate, it makes things all too easy for those that are able to find a way inside. And according to numbers from the FBI and the Gartner Group, 50 to 70 percent of all security vulnerabilities come from within.
Disgruntled employees, industrial espionage, and other internal threats are driving home just how naked SANs really are at the back-end. One analogy is a bank with security guards outside and screens between the tellers and the public, but no vault within to hold the money.
The good news is that awareness is shifting.
"A year ago only a few percent really grasped the issue of SAN insecurity," reports Michele Borovac of Decru, a storage security specialist out of Redwood City, Calif. "Now about 25 percent are aware of the need to lock down SAN data."