Why Secure Storage Networks?

Author: George Pettit

Author: George Pettit

Storage networks are predominantly used by organisations to centrally manage their data, reduce hardware costs (cost of server hardware, software, installation and maintenance) and downtime (when adding extra storage), effectively manage storage resources, and overcome computing power and storage scalability issues that the independent storage for each system approach is affected with. These networks are regularly used to store critical information the compromise of which could affect the organisations competitive edge, cash-flow, profitability, legal and regulatory compliance, and corporate image. Storage Area Networks (SANs) and Network Attached Storage (NAS) are the two types of storage networks used primarily. The two storage networks differ in various aspects; however, both these technologies were built with functionality in mind and not security, and are riddled with vulnerabilities that adversely affect the confidentiality, availability and integrity of the information stored within these networks. Serious vulnerabilities exist within these technologies that could allow unauthorised, (and in various cases) unauthenticated access to stored information. The support for IP based connections, iSCSI in SANs, and IP connections in NAS increase the accessibility but also enlarges the attack surface. Additionally, organisations often contract third party service providers for deploying and maintaining the storage infrastructure. In many cases, the management of user permissions on the data is also outsourced to the service provider. This adds to the number of personnel who could access the organisations data and the locations where the data can be accessed from (if management is outsourced, the storage infrastructure and data could be accessible from all locations where the support staff is based). Storage vendors have recently started realising the need for security and are now bundling network storage devices features that help secure the SAN and NAS environments; however, these features are not configured as factory defaults, and the lack of secure storage configuration policies, standards and guidelines at the organisation/service provider level introduces considerable weaknesses in the storage network environment. The security of storage is paramount due to the criticality of information stored, the abundance of security weaknesses in the technology and due to the ever growing compliance and regulatory requirements. The process of securing storage environments should start with strict organisational policies targeted towards storage networks. Secure configuration standards and guidelines should then be developed and enforced in-line with vendor and industry best practices.About the Author:

Sense of Security will continue to focus and innovate as an Information Security leader to government, non-profit and commercial entities. Sense of Security has offices in Sydney and Melbourne and is expanding in 2010.

POST COMMENT

Storage Lockers Keep Your Employees Belongings Safe Steel Shed Storage Options R4 Dsi For Data Storage Do Not Throw Away Old Memories- Keep Them In Domestic Storage Moving Out In Style: Get Domestic Storage Using A Domestic Storage Facility To Your Advantage Garage Storage: Shelving Asian Data Storage Solutions And Virtualization Earn Extra Cash For Christmas With A Storage Sale Fat Burning Or Fat Storage You Have Hormones to Do Both Make Extra Room By Placing Your Items In Storage Car Storage Miami Data Storage Device-sandisk Micro Sd