Data storage security is a 360-degree discipline that covers a lot of things, including protecting IT assets, setting appropriate security policies, vetting vendors and partners, and educating employees in secure practices. It has to—enterprise data is frequently under threat. Organizations must have sound data security practices in place to ensure the integrity and safety of their data from malicious threats, natural disasters, and careless employees. This article presents 12 best practices for enterprise data security.
12 Best Practices for Enterprise Data Storage Security
There are many ways for enterprise data to be put at risk. Sometimes it is inadvertent—an employee might accidentally delete files, leave a laptop at an airport, or spill coffee on a server. Other times it is malicious, as hackers try to steal private information, access proprietary data, or lock systems for ransom. It might even be natural if a flood or fire damages an office space. Data storage security means taking all of these possibilities into account and preparing for them. Here are 12 best practices to help ensure that data is protected at all levels of an organization.
1. Enact Company-Wide Data Storage Security Policies
Enterprises should have written policies specifying the appropriate levels of security for the different types of data they maintain and use. Policies should be clearly written, published where they are accessible, and frequently updated. Public data requires less security than restricted or confidential data, but organizational policies should cover both as well as security models, procedures, and tools in place to apply appropriate protections. The policies should also detail the security measures to be deployed on storage devices used by the organization.
2. Establish Role-Based Access Controls
Role-based access control—allowing or preventing access based on how organizational roles interact with and use the data—is a must-have for secure data storage. Carried further, security measures like Multi-Factor Authentication (MFA) can bring an additional level of security to access. Part-and-parcel with access control is a strong password management policy establishing strict guidelines for secure passwords and regularly scheduled changes.
3. Deploy Data Encryption and Data Loss Prevention
Data should be encrypted both while in transit to and from storage systems and while at rest. Storage administrators also need to have a secure key management system for tracking their encryption keys. Many experts say that encryption alone is not enough to provide full data security and recommend that organizations also deploy data loss prevention (DLP) solutions—software that detects and prevents potential breaches and unauthorized transmissions—that can help find and stop any attacks in progress.
4. Maintain a Strong Network Security Posture
Storage systems don’t exist in a vacuum—they should be surrounded by strong network security systems, including firewalls, anti-malware protection, security gateways, intrusion detection systems, or advanced analytics and machine learning-based security solutions. These measures can go a long way toward preventing most cyberattackers from gaining access to storage devices. Organizations should also implement zero-trust networks that can immediately detect whenever an asset is added, removed, or changed on an internal network. This is especially important as more end user “citizen developers” add IT systems, equipment, and cloud vendors without IT approval.
5. Maintain a Strong Endpoint Security Posture
Organizations should also make sure that they have appropriate security measures in place on employee PCs, smartphones, and other devices that will access the enterprise’s stored data. These endpoints—particularly mobile devices—can otherwise be a weak point in an organization’s cyberdefenses. All mobile and IoT (Internet of Things) devices allowed into company networks should have their security settings checked and set to enterprise security standards so no device is inadvertently left exposed. IT should also have policies, procedures, and automated software in place that assure that the latest security updates for operating systems, firmware, and applications are uniformly and immediately installed on all mobile and IoT equipment in the field and in the enterprise.
6. Use Redundant Storage Methods
Redundant storage, including RAID technology, helps to improve availability and performance of hard drives and can help organizations mitigate security incidents by storing copies of data on multiple drives and enabling failover should an individual hard drive fail.
7. Create and Enforce a Backup and Recovery Plan
Some successful malware or ransomware attacks compromise corporate networks so completely that the only way to recover is to restore from backups. Storage managers need to make sure that their backup systems and processes are adequate for these types of events, as well as for disaster recovery purposes. In addition, they need to make sure that backup systems have the same level of data security in place as primary systems. Backup systems at failover cloud vendors should regularly be checked for concurrency with onsite enterprise data. If backups are stored in offsite facilities, the hard drive and/or tape media they are stored on should be regularly checked to ensure that the media hasn’t deteriorated to where data is corrupted or unrecoverable.
8. Physically Secure Storage Devices and Data
If data is stored on storage devices or servers at remote or edge locations, these data stores should be monitored by zero-trust networks—a security model that requires strict ID verification for every person and device trying to access resources on the network—and physically sequestered in locked areas with restricted access when not in use.
9. Deploy Thin Client Workstations
The mobile devices and desktop workstations used within the enterprise and in the field should ideally be deployed as thin clients—machines that can access and use data from corporate networks and other authorized sources but cannot store it on internal hard drives or solid state memory. This prevents unfortunate data losses that can occur when a device is lost, stolen, or misplaced.
10. Use Remote Shutdown for Lost and Misplaced Devices
When an employee loses or misplaces a mobile device, IT should be able to shut down the device remotely so it cannot be accessed. This minimizes the potential loss of data or network access by unauthorized personnel.
11. Properly Vet Vendors and Business Partners
Before signing a contract with a cloud provider, software vendor, or business partner with which your business will exchange data—or even a supplier in the company’s supply chain—make sure your security team properly vets the policies and practices of each entity for conformance to enterprise standards. If your data is breached as a result of their lax security practices, customers—and maybe even legal authorities—will still hold you responsible. Proper vetting begins in the RFP process where appropriate levels of security should be a documented requirement for doing business.
13. Build a Culture of Security With Training
Poor employee security habits are a leading cause of data loss and compromise. All employees at all levels should receive security training and refresher courses annually at a minimum to ensure best practices are followed and that security stays top of mind for everyone.
Bottom Line: Keeping Your Storage and Data Safe
Data is frequently exposed to a wide range of security threats, whether natural, inadvertent, or perpetrated by malicious actors out to steal data or compromise systems. Good data storage security requires vigilance, planning, and education. It is not just the role of an individual or team, but an organization-wide effort that must be part of the culture. In addition to enforcement and mitigation efforts, good data storage security personnel will take the lead for this company-wide approach by making sure all staff are trained to recognize risks, comply with policies, and vet partners and vendors to protect enterprise assets at every step of the way.
Read next: What is Data Storage Security?