According to the 2001 Top Ten Technology List published by The American Institute of Certified Public Accountants (AICPA), information security and control ranks as the number one concern in the CPA profession. However, Steve Munroe, chief operating officer for Interliant, a global provider of managed application hosting and professional consulting services, says that designing a secure storage architecture alone isn't enough.
"The majority of security breaches occur in-house," Munroe says. "You can architect great technology, but if you have a password problem, or if people are not following procedures, it won't do any good."
To improve the security for your data, Munroe recommends the following:
- Perform routine backups of your operating system, programs, applications and all data files. "Without backups, most businesses never fully recover from data loss," Munroe says. "Tapes should be stored in a fireproof vault with duplicates periodically sent to a secure facility offsite, not to an employee's home."
- Separate your back-up network from main traffic. "Don't back up secured data over a network that everyone else uses," he says. "Restricting access to the back-up network will allow you to more effectively control access to back-up equipment and applications."
- Make sure your back-up equipment, tape library and tapes are kept in a secure area. "The room that houses your back-up server, tape library, and backup tapes
- should be locked," Munroe says. "Only authorized personnel should be allowed to enter this secured area."
- Make sure that the personnel charged with performing backups are competent. "Train personnel in charge of performing backups to use written procedures that follow good security practices," he says.
- Make sure all locations are using secure backup procedures. "If you have multiple locations, make sure someone at these remote facilities owns and follows back-up and security policies," he says.
- Make sure that your security policies are being used. "Ignoring policies fosters cynicism and the belief that management isn't really concerned about security," Munroe says. "Conduct staff awareness and training programs emphasizing the importance of following backup procedures and maintaining security."
Linda Christie is a contributing editor based in Tulsa, Oklahoma. She's a regular contributor to the biweekly "Storage Management" newsletter pulished by SearchStorage.com.
For more information, visit these resources:
- Featured Topic: Securing your SANs
- Best Web Links: Data protection
- Network Security Tip: The five A's of functional SAN security
This was first published in March 2003