Best principles for storage security


Vijay Ahuja
03.04.2003

The security of your enterprise is driven by the policies and practices in place. From a business perspective, storage security should be evaluated like any other technology. So, first evaluate the critical assets of the corporation. When deciding to invest in technologies to secure those assets, try the following rules of thumb:

In this newsletter, we discuss the best practices for storage security, focusing on the multi-layered security design, security policies and hardening.

Designing security should be a two-pronged strategy: secured data overlaid with layers of peripheral security. Data is secured by securing the four "touch points."

For each "touch point", there are a variety of technologies to ensure security. For example, you can use authentication and access control schemes to control access to data. In parallel with securing data, there has been significant work underway to develop multi-layered security zones. The DMZ (Demilitarized Zone) was the first appearance of two-layered security. You may introduce additional layers of security within the intranet to secure your application servers and databases. For the storage network, you may want to place it behind the application servers with another firewall or a filter. This layer should be in addition to the layers securing your application servers. Examples of secure zones that protect storage data include the SMZ (Secure Management Zone) approach by McDATA and VSANs (Virtual Storage Area Networks) by Cisco.
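The layered zone design described above, modelled as an added example (this is illustration code written for this page, not McDATA's, Cisco's or the author's; the zone names, rule syntax, port numbers and sample flows are constructed). A flow must be allowed at every boundary it crosses, each boundary defaults to deny, and the point of the extra storage filter shows up when the intranet firewall is over-permissive: the storage layer still stops traffic that the middle layer should not have let through.

```python
"""Layered security zones: a flow is permitted only if every boundary between
its source and destination zone allows it. Added example with constructed
zone names, rules and ports; not code from the original column."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    src_zone: str   # zone name or "*" for any
    dst_zone: str   # zone name or "*" for any
    dst_port: int   # 0 means any port
    action: str     # "allow" or "deny"

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (self.src_zone in ("*", src)
                and self.dst_zone in ("*", dst)
                and self.dst_port in (0, port))


@dataclass
class Layer:
    """One filtering boundary: first matching rule wins, otherwise default deny."""
    name: str
    rules: List[Rule]

    def decide(self, src: str, dst: str, port: int) -> str:
        for rule in self.rules:
            if rule.matches(src, dst, port):
                return rule.action
        return "deny"


# Zones from the outside in. Boundary k (LAYERS[k]) sits between ZONES[k] and ZONES[k+1].
ZONES = ["internet", "dmz", "app", "storage"]

# The design from the text: perimeter firewall, intranet firewall in front of the
# application servers, and a further filter in front of the storage network.
# Ports are constructed for the example (3260 is iSCSI, used here as a placeholder).
LAYERS = [
    Layer("perimeter-firewall", [Rule("internet", "dmz", 443, "allow")]),
    Layer("intranet-firewall", [Rule("dmz", "app", 8443, "allow")]),
    Layer("storage-filter", [Rule("app", "storage", 3260, "allow")]),
]

# Same design, but the intranet firewall was misconfigured to pass DMZ traffic to storage.
OVERPERMISSIVE = [
    LAYERS[0],
    Layer("intranet-firewall", [Rule("dmz", "app", 8443, "allow"),
                                Rule("dmz", "storage", 0, "allow")]),
    LAYERS[2],
]

# The misconfiguration again, but without a real storage filter behind it.
NO_STORAGE_FILTER = [OVERPERMISSIVE[0], OVERPERMISSIVE[1],
                     Layer("storage-filter", [Rule("*", "*", 0, "allow")])]


def evaluate(layers: List[Layer], src: str, dst: str, port: int) -> Tuple[bool, Optional[str]]:
    """Walk every boundary between src and dst (outside-in order); return
    (allowed, name_of_blocking_layer). Return traffic is assumed stateful."""
    i, j = ZONES.index(src), ZONES.index(dst)
    lo, hi = sorted((i, j))
    for layer in layers[lo:hi]:
        if layer.decide(src, dst, port) != "allow":
            return False, layer.name
    return True, None


if __name__ == "__main__":
    for design, label in ((LAYERS, "layered"), (OVERPERMISSIVE, "over-permissive"),
                          (NO_STORAGE_FILTER, "no storage filter")):
        print(label, "dmz->storage:", evaluate(design, "dmz", "storage", 3260))
```

Reading the three designs side by side: the intended design blocks a DMZ-to-storage flow at the intranet firewall, the over-permissive one blocks it one layer later at the storage filter, and only the design with no independent storage layer lets it through. That difference is what "this layer should be in addition to the layers securing your application servers" buys you.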

Most corporations have well-defined security policies in place. However, for storage security, the policies must also address issues specific to storage data. First, the policy must state the format in which each type of data has to be kept in storage. For example, sensitive data must be encrypted, corporate confidential data must be encrypted, e-mails can be stored as plain text, partner data must be encrypted with different keys, and so on. The policy must also state how the corporate data and the management data (of the storage network) must be handled while in flight through the storage area network. This part of the policy will be dictated by the various audit and legislative requirements and partner agreements.
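A policy of the kind just described is only useful if someone checks the stored data against it. The following added example (written for this page, not the author's code) turns the sample rules from the paragraph into a small audit: each stored object carries a data class and its encryption metadata, and the audit reports where the storage state disagrees with the policy. The object inventory, key identifiers and classification labels are constructed.

```python
"""Audit stored objects against a data-handling policy of the kind the text
describes. Added example; the policy table, inventory and key names are
constructed for illustration and are not from the original column."""
from dataclasses import dataclass
from typing import List, Optional

# One rule per data class: is encryption at rest required, and which kind of key
# may be used. "partner" means a key dedicated to the partner that owns the data.
POLICY = {
    "sensitive":    {"encrypt": True,  "key_scope": "corporate"},
    "confidential": {"encrypt": True,  "key_scope": "corporate"},
    "email":        {"encrypt": False, "key_scope": None},
    "partner":      {"encrypt": True,  "key_scope": "partner"},
}


@dataclass(frozen=True)
class StoredObject:
    path: str
    data_class: str
    encrypted: bool
    key_id: Optional[str] = None   # constructed convention: "corp-..." or "partner-<name>-..."
    partner: Optional[str] = None  # owning partner for partner data


def check(obj: StoredObject) -> List[str]:
    """Return the policy violations for one object (empty list means compliant)."""
    rule = POLICY.get(obj.data_class)
    if rule is None:
        return [f"{obj.path}: unknown data class '{obj.data_class}'"]
    problems: List[str] = []
    if rule["encrypt"] and not obj.encrypted:
        problems.append(f"{obj.path}: {obj.data_class} data stored in plain text")
    if rule["encrypt"] and obj.encrypted and not obj.key_id:
        problems.append(f"{obj.path}: encrypted but no key recorded")
    if rule["key_scope"] == "partner" and obj.encrypted and obj.key_id:
        # "different keys" per partner: the key must belong to the owning partner
        expected = f"partner-{obj.partner}-" if obj.partner else None
        if expected is None or not obj.key_id.startswith(expected):
            problems.append(f"{obj.path}: partner data must use a key dedicated to "
                            f"{obj.partner or 'its partner'}, found {obj.key_id}")
    if rule["key_scope"] == "corporate" and obj.encrypted and obj.key_id \
            and obj.key_id.startswith("partner-"):
        problems.append(f"{obj.path}: corporate data encrypted with partner key {obj.key_id}")
    return problems


def audit(inventory: List[StoredObject]) -> List[str]:
    """Run check() over a whole inventory and collect every violation."""
    violations: List[str] = []
    for obj in inventory:
        violations.extend(check(obj))
    return violations


# Constructed sample inventory: two compliant objects, one plain-text
# confidential file, and two partner files encrypted with the wrong key.
INVENTORY = [
    StoredObject("/vol1/hr/payroll.db", "sensitive", True, "corp-kek-1"),
    StoredObject("/vol1/legal/merger.docx", "confidential", False),
    StoredObject("/vol2/mail/2003-03.mbox", "email", False),
    StoredObject("/vol3/partners/acme/orders.csv", "partner", True, "partner-acme-k1", "acme"),
    StoredObject("/vol3/partners/globex/forecast.xls", "partner", True, "corp-kek-1", "globex"),
    StoredObject("/vol3/partners/initech/inv.csv", "partner", True, "partner-acme-k1", "initech"),
]

if __name__ == "__main__":
    for line in audit(INVENTORY):
        print(line)
```

The shape of the check matters more than the particular rules: the policy is data, the inventory is data, and the audit is what connects the written policy to what is actually on the disks. In practice the inventory would come from the storage management tooling rather than a hard-coded list.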

Hardening of the platforms is becoming a common practice. This is one of the cheaper ways to resist most of the common attacks. Disable all the unnecessary services from the operating system platform. Additionally, apply all the security fixes that have been issued by the platform vendor. It is often stated that about 80 percent of attacks exploit well-known vulnerabilities for which software patches are available but have not been applied by the companies.

Finally, in order to design your storage security, you must outline some guiding principles that dictate the above security designs and policies. Following is a sample list to get you started securing your stored data:

About the author
Dr. Vijay Ahuja is the president and founder of Cipher Solutions Inc., a professional services company that assists its clients in implementing storage security and offers customized seminars on storage and network security issues. Dr. Ahuja has been an industry leader in network security and more recently in storage security.

