Data storage security issues for SMBs

Security is a multifaceted practice that requires visibility into internal and external information flows of the company, including online data storage and archives. To achieve a secure business and technical environment, companies need to start with understanding their business process flows from start to finish.

With a comprehensive understanding of how confidential information is gathered, disseminated, stored, accessed and archived, SMBs can identify their data storage security strengths and weaknesses. This information provides businesses with an identified starting point for enhancing their internal security policies. This initial first step also provides the foundation for developing and establishing a documented security policy, which is a requirement for compliance.

When securing and storing sensitive data, SMBs should look into the following internal areas:

1. Implement storage security with access controls. In a world of virtual and mobile workers, applications in the cloud and ubiquitous network access, defining and establishing role-based access controls to store and archive company information is critical. SMBs need to identify, define and establish who needs to have electronic access to real-time and stored information.
2. Establish physical access controls for all storage sources. Just as the firm has defined role-based electronic access to sensitive information, it also needs to establish access to the physical equipment. All of the storage devices need to be secured from broad access. In addition, laptops, PDAs and intelligent mobile devices need to have security software installed that prevents random access to the content. Theft of mobile devices is on the rise and the ability to remotely secure them needs to be part of the firm's security policy.
3. Develop a written storage policy for the company and enforcing it. SMBs need a written storage policy that all employees are made aware of and is enforced. The written policy must include type and frequency of backups of critical files, folders and software, who is responsible for conducting the backups, who is responsible for securing the data set, how the data will be secured, and for how long. The written storage policy must include information regarding the use of USB storage devices. There are several thumb drives on the market that also provide AES-based encryption. IronKey, Kingston Technology Co. and SanDisk Corp. all manufacture secure USB storage devices. The written storage policy needs to include approved vendor devices to ensure maximum compliance.
4. Be extra sensitive about smart phones as storage devices. Smart phones and PDAs provide employees the opportunity to store highly sensitive information at their fingertips, such as customer and vendor contact information. These devices also provide links and access directly back to the company's email server and network. Smart phones and PDAs, while supporting increased productivity, are also a security risk. At a minimum, the company's storage security policy must mandate that these devices enable the password protection capabilities that are embedded. For additional security features, such as remote wiping capabilities due to loss or theft, consider implementing solutions available from Bluefire Security Technologies, Credant Technologies or Trust Digital.
5. Leverage your technology partners' expertise. Whether you store and secure your customer and employee data in-house or use a service provider, there isn't a single piece of hardware or software you can install to be compliant with all regulations. Part of a service provider's responsibility is to stay up-to-date on storage solutions, emerging legislation and how changes in these markets impact their customers. Leverage your technology partners' vast expertise and use them in an advisory capacity. Communicating your storage and security needs with your business partners will strengthen and enhance the relationship. Their goal is to provide support to their customers. Let them do that by communicating your business needs.

These are a few areas where a company needs to be sensitive to its storage security policy. Security is not a one-time implementation and must be viewed as an ongoing practice. Secure business practices improve a firm's ability to demonstrate its compliance with regulations. Heightened storage security awareness and practices can also add to enhanced customer confidence and potentially attract new business.

Martha Young is co-founder and CEO of Nova Amber LLC, a business consulting company specializing in business process virtualization. She has co-authored three books on virtual business processes: "The Case for Virtual Business Processes," "The Virtual Worker's Handbook" and "iExec Enterprise Essentials Companion Guide."

Rate this Tip To rate tips, you must be a member of SearchSMBStorage.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT SMB storage tips Disaster recovery technology considerations for smaller businesses: DR strategies for SMBs Adding a NAS device to your data storage environment: A checklist for smaller businesses Developing a small business disaster recovery plan: Disaster recovery procedures for SMBs Data center migration tips for SMBs The pros and cons of tape media storage for backup and recovery in SMB environments Hot data storage technologies for SMBs: Storage trends for 2010 Data protection and data security for corporate laptops in SMBs Top five SMB data storage management tips Top five storage area network (SAN) management tips for SMBs in 2009 Top 10 data backup and recovery storage tips for SMBs in 2009 Small-midsized Business Data Storage Management SMB data storage briefs: Carbonite launches online data backup service for SMBs Data center migration tips for SMBs SMB data storage briefs: FarStone releases Total Backup Recovery 7 for SMBs RAID disk arrays in small business data storage environments Data file archiving for small businesses: Determining what file archive tools to use for your SMB Hot data storage technologies for SMBs: Storage trends for 2010 Iomega portable hard drives can store and sync virtual PC images with v.Clone Data protection and data security for corporate laptops in SMBs Top five SMB data storage management tips What is thin provisioning and how does it work? RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.