Data storage security issues for SMBs


Martha Young
06.27.2008

Government regulations affect businesses of all sizes. Compliance standards such as the Sarbanes-Oxley Act (SOX), HIPAA, the Gramm-Leach-Bliley Act and the Patriot Act all have one major aspect in common for small-midsized businesses (SMBs): the requirement to secure customer, employee and vendor information and data. Federal compliance is as complex for the SMB as it is for the large enterprise. However, if smaller businesses focus on implementing a secure business and technology storage environment, they will be well on their way to meeting the required standards.

Security is a multifaceted practice that requires visibility into internal and external information flows of the company, including online data storage and archives. To achieve a secure business and technical environment, companies need to start with understanding their business process flows from start to finish.

With a comprehensive understanding of how confidential information is gathered, disseminated, stored, accessed and archived, SMBs can identify their data storage security strengths and weaknesses. This information gives businesses a starting point for enhancing their internal security policies. This first step also provides the foundation for developing and establishing a documented security policy, which is a requirement for compliance.

When securing and storing sensitive data, SMBs should look into the following internal areas:

  1. Implement storage security with access controls. In a world of virtual and mobile workers, applications in the cloud and ubiquitous network access, defining and establishing role-based access controls to store and archive company information is critical. SMBs need to identify, define and establish who needs to have electronic access to real-time and stored information.
  2. Establish physical access controls for all storage sources. Just as the firm has defined role-based electronic access to sensitive information, it also needs to establish access to the physical equipment. All of the storage devices need to be secured from broad access. In addition, laptops, PDAs and intelligent mobile devices need to have security software installed that prevents random access to the content. Theft of mobile devices is on the rise and the ability to remotely secure them needs to be part of the firm's security policy.
  3. Develop a written storage policy for the company and enforce it. SMBs need a written storage policy that all employees are made aware of and that is enforced. The written policy must include the type and frequency of backups of critical files, folders and software, who is responsible for conducting the backups, who is responsible for securing the data set, how the data will be secured, and for how long. The written storage policy must include information regarding the use of USB storage devices. There are several thumb drives on the market that also provide AES-based encryption. IronKey, Kingston Technology Co. and SanDisk Corp. all manufacture secure USB storage devices. The written storage policy needs to include approved vendor devices to ensure maximum compliance.
  4. Be extra sensitive about smart phones as storage devices. Smart phones and PDAs provide employees the opportunity to store highly sensitive information at their fingertips, such as customer and vendor contact information. These devices also provide links and access directly back to the company's email server and network. Smart phones and PDAs, while supporting increased productivity, are also a security risk. At a minimum, the company's storage security policy must mandate that these devices enable the password protection capabilities that are embedded. For additional security features, such as remote wiping capabilities due to loss or theft, consider implementing solutions available from Bluefire Security Technologies, Credant Technologies or Trust Digital.
  5. Leverage your technology partners' expertise. Whether you store and secure your customer and employee data in-house or use a service provider, there isn't a single piece of hardware or software you can install to be compliant with all regulations. Part of a service provider's responsibility is to stay up-to-date on storage solutions, emerging legislation and how changes in these markets impact their customers. Leverage your technology partners' vast expertise and use them in an advisory capacity. Communicating your storage and security needs with your business partners will strengthen and enhance the relationship. Their goal is to provide support to their customers. Let them do that by communicating your business needs.

These are a few areas where a company needs to be sensitive to its storage security policy. Security is not a one-time implementation and must be viewed as an ongoing practice. Secure business practices improve a firm's ability to demonstrate its compliance with regulations. Heightened storage security awareness and practices can also enhance customer confidence and potentially attract new business.

Martha Young is co-founder and CEO of Nova Amber LLC, a business consulting company specializing in business process virtualization. She has co-authored three books on virtual business processes: "The Case for Virtual Business Processes," "The Virtual Worker's Handbook" and "iExec Enterprise Essentials Companion Guide."

All Rights Reserved, Copyright 2008, TechTarget