Channel takeaway: Storage security is being noticed as a glaring weak spot for many SMBs. Unfortunately, most shops don't know they are exposed or where to begin trying to fix the problem. One area that is often overlooked is the media that data is stored on. Fortunately, VARs can be an integral part of the solution. By educating customers about the flaws in their storage security and creating a comprehensive protocol for mending these weak spots and keeping backed-up data secure, VARs can help their customers sleep much more easily at night.
Web-based storage service providers offer small and medium-sized businesses (SMBs) an alternative to doing backup on tape, disk or hard drives, but SMBs have some legitimate concerns about such services. Get their feedback and find out how you may be able to quell their concerns.
Historically, added security for storage was deemed unnecessary because storage was done on relatively isolated standalone devices, according to Dennis Martin, senior analyst for storage management software and security at Greenwood Village, Colo.-based Evaluator Group. Since the physical connections of those devices to the hosts were hidden, they were difficult to find within a network. If outsiders couldn't get to the host, they couldn't get to the storage device or to the stored data.
With the advent of new storage technologies, storage is no longer so hidden. Fibre Channel and iSCSI SANs are accessed and managed over IP connections, with all the risks to which IP exposes networks.
"Islands of SANs within an environment have been considered low-risk areas," Damoulakis says. "However, the SAN infrastructure connects to hosts and hosts are on the network. To do very serious damage would simply require working through a compromised host and getting access to this largely unsecured storage network."
Standard corporate network security practices -- such as managing passwords, enforcing access controls, enabling audit trails and securing management interface points -- should all be applied to storage, the experts agree.
Every best practice in security that's in place for the network should be implemented for storage. Here's the experts' list of some important best practices:
- Audit and do a risk assessment on the storage infrastructure, looking for risks and vulnerabilities.
- Adopt and enforce data encryption policies. Best practices include classifying data, and applying encryption to private and confidential data through the lifecycle of the data.
- Treat backup as an "orange alert" process. Adopt secure media management tracking and handling policies.
Read the rest of Kincora's article on SearchStorage.com