Shoring up storage security

Storage security is crucial to the enterprise. However, some companies continue to make the same mistakes and leave their storage vulnerable. VARs have the opportunity to fix those problems by highlighting the needs customers might not realize they have.

There are some commonly overlooked storage security issues that every VAR and systems integrator needs to consider. Many companies make common, yet critical, storage security mistakes when it comes to protecting sensitive data. VARs have the opportunity to enhance their customers' storage security while performing a valuable task. Information security expert Kevin Beaver outlines a set of solid storage security basics you can use as a guide to check your own work and look for vulnerabilities in a customer's storage configuration.

Storage vulnerabilities you can't afford to miss

These storage security vulnerabilities seem almost too obvious, but they're quite pervasive in today's networks – especially given the complexity of the information systems that network managers are responsible for today. Some are technical in nature and others I've seen are business-related, but they're certainly items VARs can't afford to overlook when designing storage security systems for a client.

  1. Lack of share and file-level access controls. This typically means OS defaults or settings that allow everyone full, unaccountable access.
  2. Failure to implement storage security with defensive tactics in mind. In other words, create as many hoops for attackers to jump through as reasonably possible without negatively impacting system performance or carving into your budget. This includes utilizing network segmentation of storage systems where possible, hardening the system at the OS level if it's not already, implementing disk/file/database encryption where practical, and implementing disk, share and file access controls where appropriate.
  3. Technology driving security policies and business decisions. It should actually be the business needs determining technology and the associated security risks determining security policies.

Read the rest of Beaver's article at SearchStorage.com.

Storage security checklist of practical safeguards

Whether you're relatively new to storage administration or a veteran, or whether your storage is network-based or directly attached, there are several storage security must-haves in order to make sure your data is as safe as possible. With storage systems housing "the goods," a lot can happen, including stolen passwords, unauthorized access, improper deletions and modifications, bypassing zone restrictions through physical port changes and more.

There is a wide range of storage-related security vulnerabilities and poorly implemented administrative processes that VARs can easily correct. The following checklist provides a broad range of platform-agnostic storage security essentials.

  • Unload unnecessary storage services related to NFS (i.e., mountd, statd, and lockd) if they're not needed and limit network-based permissions for NetWare volumes, Windows shares, etc. to a need-to-know basis from the get-go -- otherwise individual accountability and responsibility are out the window.
  • Proper authentication is critical as well, so ensure credential verification is taking place at one or more layers above your storage devices (i.e., within the operating system, applications and databases) where possible.
  • Accountability is another one of those storage security must-haves, so make sure audit logging is taking place where possible and practical.
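
One way to check the first item on a Linux NFS server, as an added example that is not part of Beaver's article: it parses `rpcinfo -p` output for the mountd, statd and lockd registrations and lists `/etc/exports` entries open to every host. The function names and the sample inputs are constructed for illustration, and Linux output and exports syntax are assumed.

```python
import re

# Names in the "service" column of `rpcinfo -p`: statd registers as "status"
# and lockd as "nlockmgr".
RPC_NAMES = {"mountd": "mountd", "status": "statd", "nlockmgr": "lockd"}

def nfs_services(rpcinfo_text):
    """Return the NFS helper daemons registered with the portmapper."""
    found = set()
    for line in rpcinfo_text.splitlines():
        fields = line.split()  # program vers proto port service
        if len(fields) == 5 and fields[0].isdigit() and fields[4] in RPC_NAMES:
            found.add(RPC_NAMES[fields[4]])
    return sorted(found)

def world_exports(exports_text):
    """Return (path, options) for exports that any host may mount."""
    findings = []
    for raw in exports_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = re.fullmatch(r"([^()]*)(?:\(([^)]*)\))?", spec)
            if not m:
                continue  # malformed client spec, skipped in this sketch
            host, opts = m.group(1), m.group(2) or ""
            # "*" is a wildcard; an empty host comes from a stray space,
            # as in "fileclient (rw)", which applies (rw) to everyone.
            if host in ("", "*"):
                findings.append((path, opts))
    return findings

# Constructed sample inputs, not taken from a real system.
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100024    1   udp  41234  status
    100021    4   tcp  35555  nlockmgr
    100005    3   tcp  20048  mountd
"""
SAMPLE_EXPORTS = """\
# constructed sample
/srv/finance  10.0.5.12(rw,sync)
/srv/public   *(ro)
/srv/home     fileclient (rw)
"""

if __name__ == "__main__":
    print("NFS helpers registered:", nfs_services(SAMPLE_RPCINFO))
    for path, opts in world_exports(SAMPLE_EXPORTS):
        print(f"{path}: open to every host ({opts})")
```

On a live server, feed the functions the text of `rpcinfo -p` and `/etc/exports` in place of the samples.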

Read the rest of Beaver's article at SearchStorage.com.

About the author: Kevin Beaver is an independent information security consultant with Atlanta-based Principle Logic, LLC. He has more than 17 years of experience in IT and specializes in performing information security assessments. Kevin has authored five information security-related books including Hacking For Dummies (Wiley), the brand new Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver @ principlelogic.com.
