As prices fall and capacity increases, finding data storage space has become a non-issue for many enterprises. But when it comes to safeguarding important stores of customer information, companies still need to take precautions to ensure that prying eyes do not gain access.
Many businesses now have vital internal and external storage arranged in what are known as storage area networks (SANs), which allow a user to search for any piece of data stored within an enterprise. Therefore, information is often accessed simultaneously by numerous inside and outside parties. In addition, companies are moving toward Web-connected storage systems that are interoperable with those of other enterprises, and mobile technologies are offering more opportunities for users to gain remote access to stored data.
In part because of these trends, companies must make technological and strategic adjustments to their thinking about storage. According to Meta Group program director Phil Goodwin, SAN security is often overlooked because of the limited nature of early deployments, and because of a false belief that stored data is completely protected behind firewalls.
More Than Devices
As the data storage landscape changes, companies can no longer depend exclusively on device-specific storage solutions to ensure security. Goodwin told the E-Commerce Times that software offerings from companies like Brocade and McData provide an added layer of “zoning” protection, monitoring storage networks and preventing unauthorized users from gaining access to certain portions.
He said these and similar programs supplement existing authentication processes and are particularly helpful in preventing clever outsiders from wandering where they should not. “The idea is to stop someone who is trying to spoof a server to get at stored data.”
Goodwin added that a number of technologies, generally known as fabric security products, have been designed to address potential vulnerabilities in storage networks. While they boost security, they also requires companies to make tradeoffs: Data is more securely protected, but the overall system becomes less interoperable with those of other enterprises. According to Goodwin, technology firms are working on ways to maintain interoperability while improving security.
Beware of Overkill
In the meantime, enterprises should be careful not to get too fancy about their storage security, since some solutions could create their own problems.
For example, Aberdeen Group vice president Jim Hurley advised against encrypting data after it has already been stored. Such a move could make data difficult to access from various departments and through the many applications used by most companies. It also could prove problematic if company workers attempted to retrieve data from storage but the encryption key could not be found.
“Most companies are not going to go for that on an enterprise-wide basis,” Hurley told the E-Commerce Times.
In fact, most enterprises need not reinvent the wheel when it comes to protecting stored data. Hurley said that businesses, especially small ones, would do just as well to enforce existing authentication standards, maintaining a secure system of passwords and login procedures.
He added that encryption is best used outside of the SAN for transmission situations — for example, when data is sent from one wireless device to another.
Other technology strategies are more appropriate inside the storage network, particularly in conjunction with existing identity safeguards and business intelligence initiatives. For example, researchers at Gartner point to storage management products, such as IBM’s Tivoli line of software. These products monitor the various hardware components of SANS, manage access to information, automate data backup and provide protection against power failures.
Storage issues appear to be weighing on the minds of corporate IT managers. A recent study by Meta Group found that 60 percent of organizations plan to use storage consolidation technology over the next two years to manage storage volumes, lower costs and increase return on their storage investments.
The survey of 328 senior-level IT professionals found that backup and recovery of stored data — including boosting disaster recovery capabilities — remains the number-one spending priority.