Whitepapers

Storage Security Best Practices

In a recent GlassHouse survey of storage management, 52% of respondents graded their storage department “Fair” for security readiness. This paper provides a means of improving that percentage.

"The widespread adoption of networked-based storage, particularly Storage Area Networks (SANs) has provided many benefits including improved utilization and better access to data within corporate environments. However, this transition from captive storage tethered to servers to today’s independent networked devices has largely taken place under the radar of corporate security groups whose traditional focus has been on areas such as intrusion detection/prevention and protection of host systems. As a result, the storage infrastructure – both primary storage and especially secondary data storage like backups and archives – is likely to be a company’s Achilles’ heel when it comes to security. Policies for data security are a corporate concern and should be integrated as a fundamental element of an enterprise security strategy. Strategic security policies can then spawn tactical and operational policies through the joint efforts of the security and storage organizations. "This paper details several key steps that should be taken to ensure that information both in transit and at rest is appropriately maintained with regard to confidentiality, integrity, and availability. The recommended approach combines extension of standard security best practices into the storage realm with particular focus on factors unique to protecting off-site storage."