Storage and security: why storage solutions and data security must go hand-in-hand

Computer Technology Review, March, 2004 by Fred Moore

For years, the data storage industry has continued to improve the availability, reliability and security of its storage subsystems. These key attributes have continually been addressed by improving the reliability of the disk drives, introducing RAID capability, and providing a variety of data replication techniques such as mirroring, snapshot copy and journaling. These solutions delivered significant improvements for protecting data from a variety of storage hardware and subsystem failures.

[ILLUSTRATION OMITTED]

With devices becoming increasingly more reliable in protecting against device and component failures, valuable data is now being exposed to even higher risks as a result of destructive worms, viruses and spam as the wave of hackers and terrorists worldwide gains momentum. Recovery from an intrusion is difficult and the impact of an intrusion is destructive as permanent data loss frequently results, unless special procedures are implemented. The looming threat to delivering high data availability is now the "intrusion factor" and storage security has become the newest storage management discipline. These threats can be either internal or external in origin. In reality, there is no silver bullet in place to implement a bulletproof and secure IT infrastructure; however, minimizing security risks has become the top priority for many IT organizations and accomplishing this task is possible, though costly.

New Types of Threats

Human error, hardware failure, software, and natural disasters have been the major causes of data loss. In 2003, four out of five businesses were hit by a virus or worm and threatened data integrity, according to a survey of 404 security decision makers by The Yankee Group. Denial of service attacks were cited by two out of five businesses as the second most common threat. Even the most well prepared and security-aware business can be exposed. For example, if an employee's mobile notebook computer is infected with some type of spy-ware and the user later logs on to the corporate network, the corporate infrastructure becomes vulnerable and can be attacked. A business has no control of what type of software someone installs at home. Hackers are more common than one might imagine, as they now have quarterly meetings and publish "The Hacker Quarterly" magazine.

Storage Security Arrives

As a result of events in the past several years, storage and security now go hand-in-hand. Storage security has become a relatively new and critical discipline for the IT industry, integrating important security aspects from both the storage and network industries. The key objective of a solid storage security strategy is to maintain the availability and integrity of data. Some businesses are beginning to implement the new position of Corporate Security Officer. It is important for a business to understand and assess the status of security for the current IT environment. From the initial baseline assessment, a storage security strategy can be developed to address existing risks and to meet the goals of each business or for each department within a business.

To provide security protection ahead of the networked storage infrastructure, firewalls, virtual private networks, authentication-based access control, filtering and active monitoring of attackers can provide significant help in securing all gateways and connections. Securing network access at the gateway is not enough. Passwords were once an acceptable way to provide access controls but are no longer effective. Biometric technologies using human and genetic characteristics are expected to provide significant security benefits, but the costs of retinal scan, finger-print and other identifier technologies presently remain out of reach for most businesses.

For primary and secondary storage, legal data encryption, LUN masking, zone settings, remote vaults, mirroring, snap-shot and replication technologies all will improve data-protection capability. Each of these measures also has its own set of challenges to consider, making intrusion-identity management very complex. In the future, platform-independent data security appliances may evolve to provide fast and transparent access to encryption, compression, authentication and biometric services. The metadata that is created from security services and appliances will, in itself, become mission-critical data and require mirroring, encryption or advanced replication capability.

Storage security is becoming essential for the survival of most businesses and the following related statistics might be surprising:

* It is estimated that 70% of all companies go out of business after a major data loss

* About 20% of all businesses experience a major disaster every five years

* Approximately 35% of disaster recovery plans work when tested

* The security market is expected to grow from $17 billion in 2001 to nearly $45 billion in 2006

The high-availability data replication technologies such as mirroring, point-in-time copy, snapshot copy, journaling and their derivatives are readily available from most storage vendors. Encryption, for example, has traditionally been focused on data in transmission. Is data in transmission more vulnerable than stored data? Evidence suggests that that stored data may now be more vulnerable as a result of the "intrusion factor". Encryption is moving from a network discipline into storage. Mission-critical data, estimated to be no more than 15% of stored digital data, may now warrant encryption. If data is encrypted and stored, data can't be read if the encryption key or access passwords are lost. It is important for businesses to classify their data and establish the appropriate storage security disciplines to meet the availability and security requirements for businesses.