The ‘Other’ CIA – Part of Achieving a Secure Storage Infrastructure

Plan, Audit, Integrate, Test — Keys to Storage Security

Kurt Hildebrand

In an era when data breeches can cost hundreds of millions of dollars, having a secure storage system is critical.

But security isn’t just about protecting against breeches; it’s about setting your company up for the future. Having the confidence that your storage system is secure lays the foundation for moving to new technologies like cloud deployment and storage virtualization – strategies that provide the flexibility and efficiency you need to innovate and grow. To make sure your data storage system is robust, you need to examine it systematically and test its capabilities. Here are some considerations to include in your data security analysis:

Planning: First, categorize your data according to security risks. A tried-and-true framework is “CIA” – confidentiality, integrity, and availability – which you can use to decide which information needs to be encrypted. If you use NAS or SAN, examine the way you manage the encryption keys and build in access controls for various levels of data. This is also a good time to clean out your system and get rid of duplication. They not only slow you down, but you may find you are storing information you should delete. Tools are available to reveal the rate of your storage growth, file duplication, and file types. Finally, you should examine your disaster recovery plan.

Integration: You should have a policy governing how both encrypted and non-encrypted data is handled while in transit through the SAN. You should systematically analyze, cleanse, monitor, and manage data so that your company spends its time extracting value from it instead of trying to fix databases and applications that don’t get along with each other.

Audits: Security risks evolve, and to keep up with threats, your auditing procedures should too. An audit should examine data center personnel, policies and procedures, equipment, and backup procedures, as well as physical security. Auditing is particularly important before you launch a new product or service. Developers are often in a rush to bring products to market, and security controls may get pushed to the sidelines.

Testing: Testing should be end-to-end. At every point the data moves through, the quality assurance team needs to verify that results are what they should be. Start with a small, static test database, then expand to all areas. You can use tools to automate and speed up this process.

Security is not an afterthought – it’s a vital part of your storage system. An up-to-date, well-functioning security system will not only keep your data safe, it will eliminate problems and redundancies, setting you up for a smooth transition to more efficient technologies.