Storage Security: Getting Beyond M&M SANs: Page 2
Conduct annual security audits to evaluate strengths, weaknesses, opportunities, and threats (SWOT Analysis). There are good guidelines available from the Storage Security Industry Forum (SSIF), a part of the Storage Networking Industry Association (SNIA).
Stay on the watch for new developments in network and storage security as well as new threats from outside and inside the firewalls. Some of the basics for every audit, as recommended by SNIA, include:
- Policies that cover both network and storage security, as well as all interfaces between the two areas
- Policies that are current with new laws and regulations affecting your data security
- Evaluate the best balance between access limitation and data availability
- Levels of confidentiality applied to data appropriately
- An active and current employee security awareness program
- Storage centers, network hardware, and servers located in physically secure buildings
- Zoning and LUN masking appropriate to current business needs
- Processes that team up the multiple specialties for system architecture change
- Testing and quickly implementing new software patches and firmware versions
The eternal fact remains that security depends on what is going on between a human's two ears (the wetware). FBI statistics show that 50 to 80 percent of security breaches originate inside the firewall. This means that if a company is attacked, the odds are that a co-worker is the culprit, whether that be a disgruntled employee, an industrial spy, or just someone foggy from medication and having a careless day.
Further, the keepers of the keys and the guards at the gate are all potential targets for the seductive tricks of industrial and international espionage. Regardless of how closely guarded organizational passwords and keys may be, security comes down to the age-old question of "Who will watch the Watchers?"
This is a tough look at security. Many companies simply are not ready to confront the "50% to 80%" statistic. Investing in hardware, software, and badge readers is easier to understand and approve than addressing people problems. Yet the hard truth is that security crosses over into Corporate Ethics, Human Resources, and Line Management.
Keeping people happy with their jobs and loyal to the company is the sunny side of corporate security. Demanding periodic drug tests and background screening of new employees is the darker side. In these difficult times of downsizing, suspended pay raises, and unpaid overtime, all levels of management must work creatively to maintain employee morale — including their own. Building high morale and loyalty in that wetware between the human ears goes a very long way towards transforming an M&M SAN into one that’s a tough nut to crack.
Feature courtesy of Enterprise IT Planet.