How SMBs can ensure storage security

Find out where you're vulnerable. No firewalls, IPS or access controls are going to provide 100% security. It's almost guaranteed that something is vulnerable somewhere in your data storage environment. Storage-related systems connected to the network can almost always be breached with the right tools and techniques. Look at your systems from every possible angle -- both logged-in and not logged-in, inside the network and out.

Take an inventory of what's where. In any organization, there can be an unbelievable amount of unstructured information scattered across the network that is unprotected. Chances are some of this information is housed in your storage area network (SAN), network-attached storage (NAS) or direct-attached storage (DAS) systems. In order to protect what you have in your storage environment, you have to determine what files are where and who has access.

Do what you can to get management's ear on storage security issues. The business needs storage security and you must be able to communicate why. At a minimum, you've got show what can happen when critical storage systems are not properly protected. Present storage security issues to management in the context of the industry and your business. Also, keep them in the loop by showing how security controls are minimizing risks to the business.

Put together storage information security policies and get a commitment from management to support them. Policies not only serve to guide the organization but they also come in handy if and when something does happen. Properly written and well-communicated policie

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT SMB storage tips Data retention policies and procedures for SMBs Ten signs you're ready for a storage area network (SAN) Controlling unstructured file data storage growth: Five storage reduction tips Networked data storage for SMBs: Five signs you need to ditch direct-attached storage How SMBs can save on disk array power costs Using an autoloader tape drive for data backup in SMBs Tiered data storage strategies for SMBs SaaS shopping list for SMBs Blade storage for SMBs: The pros and cons Hosted email archiving services meets SMB's growing needs Small-midsized Business Data Storage Strategy SMB data storage podcasts: Trends and strategies in SMB storage Keeping thumb drive storage secure through encryption and policies The benefits and risks of online data backup and cloud services for SMBs Data retention policies and procedures for SMBs Fujitsu introduces the Eternus DX60 and DX80 midrange disk arrays Storage resource management tools for SMBs Ten signs you're ready for a storage area network (SAN) Controlling unstructured file data storage growth: Five storage reduction tips How SMBs can save on disk array power costs Microsoft refreshes Windows Storage Server 2008

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

s can literally be the saving grace for your business if a breach is contested or goes to court. Some specific policies that should include storage security within their scope are:

Remember that storage falls into the scope of literally every security regulation. From HIPAA to SOX to PCI, if your storage environment is not secure, then compliance is merely an assumption. Be sure to include all storage-related systems in your overall security management.

Test your storage systems for security holes just like you would any other system. Look for network, OS and application-specific vulnerabilities as well as storage-specific flaws that can be exploited. Running security tests periodically and consistently, and using ethical hacking tools and techniques plays a key role in minimizing storage weaknesses. Unfortunately, it's often overlooked or taken for granted.

Focus your efforts where they count by protecting data at rest rather than data in transit. Odds are that someone is going to abuse sensitive information when it's sitting in your storage environment.

Don't rely on storage encryption 100% of the time. Encrypting data at rest can be a great last line of defense, but it can be pricey for SMBs. Furthermore, if it's not implemented and managed correctly, any intended benefits are quickly sapped away. So think and plan ahead before you proceed. Once you've implemented some of the simpler controls outlined here, move on to storage encryption.

Don't be afraid to admit you can't do it all. Storage can be complicated. There's no shame in bringing in a storage expert to help with implementation or administration, or a security expert to help with security efforts.

With too little time and too little budget, SMB storage security is often an afterthought. If you go through this list and spend some minimal resources wherever possible, you'll have accomplished one of the most important feats of information security: locking down the crown jewels in your storage environment.

About the author: Kevin Beaver is an independent information security consultant, keynote speaker and expert witness with Atlanta-based Principle Logic LLC where he specializes in performing independent information security assessments. Kevin has authored/co-authored seven books on information security including "Hacking For Dummies" and "Hacking Wireless Networks For Dummies" (Wiley). He's also the creator of the "Security on Wheels" information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at kbeaver@principlelogic.com.

Do you have comments on this tip? Let us know. Please let others know how useful this tip was via the rating scale below.

Do you know a helpful storage tip, timesaver or workaround? Email the editors to talk about writing for SearchSMBStorage.com.

Rate this Tip To rate tips, you must be a member of SearchSMBStorage.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.