In the rush to shore up enterprise information, storage security shouldn’t be given the short end of the IT stick, industry experts caution.
According to a recent report from Milford, Mass-based Enterprise Strategy Group, storage security is often overlooked and open to attack. Just because an organizations’ storage sits behind firewalls, networks and servers doesn’t necessarily mean it’s safe, the report warned.
The report, Storage Security Perspectives, noted that storage security “remains an exposed island, outside of mainstream security activities.” Thirty per cent of storage professionals polled reported that organizational security policies and procedures often don’t include storage technologies.
David de la Plante, senior vice-president for business solutions for Mississsauga, Ont.-based Kasten Chase Applied Research Ltd., said while it’s not a “doomsday scenario,” organizations have to address the issue sooner or later. Kasten Chase last month unveiled a solution specifically for storage information security. The service, according to Kasten Chase, is among the first such service for storage and includes a best practice assessment, education services and a business case analysis, all intended to quantify the ROI (return on investment) benefits of implementing of secure data backup.
Particularly in the face of compliance and lifecycle management issues, enterprises can’t afford to neglect security for storage, de la Plante said. By developing a business model for storage security, organizations can determine that gains from storage asset utilization, compliance and storage information risk management, he added.
Indeed, industry experts noted that information sitting on storage devices and data in transit through the infrastructure should be considered in the enterprise. San Francisco-based Storage Networking Industry advises organizations to develop separate infrastructure for the out-of-the band management and control terminal interfaces to the storage network.
Organizations can benefit from a sound storage security policy, one that safeguards the operation of the storage network and control potential attack points affecting the operation of the network. Enterprises might ultimately wish to expand resources and data accessibility from the disk array to the application; networked storage security challenges abound and should be dealt with first.
But according to Alan Freedman, storage analyst with Toronto-based IDC Canada Ltd., end users are increasingly looking at security but “whether or not they’re spending on it is another issue.”
Freedman said there is a competitive advantage involved in properly securing data when it comes to compliance and business continuity issues.
