Q: Has a data inventory been conducted?
Storage security can exist in many forms. It can exist in the back office on a server, NAS or SAN; it can exist on a local station, on a hard drive; it can exist on removable media such as an optical storage, USB flash, flash RAM; or an external storage device such as a USB hard drive or an iPod. Protecting stored data in all forms can't be achieved with a single technology.
We have observed a common practice where security policy, practice and technology have been deployed to address privacy compliance objectives, and subsequent to the completion of these projects, the client then proceeds on inventorying and categorizing data stored throughout the organization. Although security and data classification are two important elements of developing a responsible storage security model, approaching a storage security project by first inventorying and classifying data can simplify the process by establishing where subject data exists.
This was first published in March 2008