Securing Your Storage
Once dominant in ensuring data accessibility and longevity, backup tapes have taken a backseat to storage security appliances and tape-level encryption — better, faster technology for companies ranging from the fastest-growing tech firms and domestic and foreign governments to multinational corporations and small to midsize enterprises.
Improved technology is not the reason the public and private sectors are eagerly adopting new storage security solutions, however.
“Compliance, data-privacy concerns and keeping out of headlines are the key drivers for storage security,” said Dore Rosenblum, NeoScale vice president of marketing.
The Milpitas, Calif.-based storage security company has heard as much from its clients and confirmed this feedback with a recent survey conducted by Taneja Group. Sixty-one percent of respondents sought storage security that complies with HIPAA, the Gramm-Leach-Bliley Act, the PCI Data Security Standard or Sarbanes-Oxley regulations, which puts a real fiduciary focus on data protection, said Michael Willett, Seagate Technology director of research.
Additionally, 57 percent desired protection against data privacy breaches and liabilities. Forty-three percent don’t want the media attention given to the likes of The TJX Cos. (which include TJ Maxx and Marshalls).
Rosenblum said companies are exhibiting an increasing sense of urgency in regard to establishing appropriate storage encryption and key management personnel who secure sensitive corporate and customer data.
“The size of investment varies as broadly as the solutions that are available today,” Rosenblum said, as well as the number of physical locations and data sets requiring encryption.
Very little investment is required, though, Willett said. Full-disk encryption (with the hardware encryption directly on the drive) does not cost as much as software solutions.
The first and easiest way to secure your data storage is to employ full-disk encryption on computer hard drives. It protects laptop and server data in case of loss or theft. It also protects the 43 percent worried about scathing newspaper headlines in the event of a data breach.
“Thirty-six states have passed laws covering disclosure in case of sensitive data loss, but an exemption is granted for encrypted data,” Willet said.
He also said computing and network systems will come with full-disk encryption de facto and at an affordable price.
“Storage companies are accustomed to building hardware or firmware (software that is embedded in a hardware device) with high performance and reliability at low cost.”
But something has to give in corporations so that they adequately protect their data assets, Willett said. “Storage is the least-covered point in the life cycle of data from a security perspective, which is ironic because data spends most of its useful life in storage, not in computation or transit,” he said.
To start properly securing their data storage, Rosenblum recommends those charged with the responsibility answer the following questions:
- What level of security do I need?
- What is the best option to encrypt my data — applications and severs, storage devices or appliances? What are the pros and cons of each?
- What solutions guarantee minimal negative impact to network availability and productivity, the lowest cost, systems interoperability and investment protection?
“No cost of deployment is significant compared to the consequences of a data security breach — financial loss (penalties, recovery costs, loss of productivity), tarnished brand and lost customer trust,” Rosenblum said. The Taneja research revealed that for 68 percent of respondents, storage security is a top-five spending priority.
As for ensuring all storage security components are working together for the best asset protection, NeoScale promotes the use of a key management service network that connects multiple key managers and encryption endpoints. “This model benefits customers by ensuring business continuity, increasing data security and automating key management processes when sharing sensitive information across the enterprise,” Rosenblum said.
Kelly Shermach is a freelance writer based in Brooklyn, N.Y., who frequently writes about technology and data security. She can be reached at editor (at) certmag (dot) com.