Top 10 ways to secure your stored data

Greg Schulz
 
August 03, 2006 (Computerworld) 
Securing stored data involves preventing unauthorized people from accessing
it as well as preventing accidental or intentional destruction, infection or
corruption of information. While data encryption is a popular topic, it is
just one of many techniques and technologies that can be used to implement a
tiered data-security strategy. Steps to secure data involve understanding
applicable threats, aligning appropriate layers of defense and continually
monitoring activity logs, taking action as needed.

Figure 1 below shows common areas of focus pertaining to securing stored
data while at rest (being stored) and while in flight (being moved or
accessed). Data movement is required for authorized general access, business
continuance (BC) and disaster recovery (DR), general data protection as well
as archiving for data preservation and compliance. In no particular order,
here are 10 items to consider as part of securing your stored data in
addition to those in Figure 1.

Figure 1 <http://www.computerworld.com/common/images/site/features/data_large.gif>

*       Implement a tiered data protection and security model including
multiple perimeter rings of defense to counter applicable threats. Multiple
layers of defense can isolate and protect data should one of the defense
perimeters be compromised by internal or external threats. 
*       Include both logical (authorization, authentication, encryption and
passwords) and physical (restricted access and locks on server, storage and
networking cabinets) security. Hopefully, the closets in your facility for
cleaning personnel and their tools are separate from where you keep your
storage and networking cabling and tools. Physical security includes
maintaining a low profile. For example, if yours is the only building with
lights on during a heat-wave-induced electrical power blackout, at least
turn your outside lights off as well as other lights that can be seen from
the outside so as to not draw unwanted attention. 
*       Logical security includes securing your networks with firewalls and
running antispyware and virus-detection programs on servers and
network-addressed storage systems. No storage security strategy would be
complete without making sure that applications, databases, file systems and
server operating systems are secure to prevent unauthorized or disruptive
access to your stored data. Implement storage-system-based volume or logical
unit number (LUN) mapping and masking as a last line of defense for your
stored data. 
*       Speaking of physical security and access controls, change your
key-code or door-lock combinations regularly, informing only those who need
access. You might be surprised who stops by to ask for the combination or
password for something that you did not know they had access to in the
first place. 
*       Some storage and networking tools will encourage you to change
management passwords at initial installation. I hope that this sounds like
common sense; however, due diligence means stating the obvious -- change
default passwords at installation and on an ongoing basis. Likewise,
restrict access to management tools to those who need it. 
*       Know who has physical access to fixed and removable data-storage
media and devices. Leverage access logs and perform background checks
of contractor and third-party personnel who will be handling your data and
media. Identify where weak links are in your data-movement processes and
correct those deficiencies. Data-discovery tools can be used to identify
sensitive data that may not be adequately protected. 
*       If you are currently moving data electronically to avoid losing
tapes or are planning to, then make sure data being transmitted over a
public or private network is safe and secure. Some techniques to protect data
while in flight include encryption, virtual private networks and the IPSec
protocol. 
*       Data encryption is a topic people in the industry like to talk
about, but as with other technologies, wide-scale adoption has been
elusive. As a trend, however, encryption -- in some shape or form -- is here
to stay and most likely is in your future. There is plenty of debate as to
when (at rest, in flight), where (storage, network, appliance, servers) and
how (hardware, software) to implement encryption. For now, consider what
level or depth of encryption you need to counter your applicable threats.
Also, consider how key management will be performed for your environment. In
addition, consider the potential effect on performance and interoperability
for your environment when looking at data-encryption technologies. 
*       Avoid letting data security become a bottleneck to productivity,
because that is a sure way to compromise a security initiative. The more
transparent the security is to those who are authorized to use the data, the
less likely those users will try to circumvent your efforts. 
*       Do you know if your data is safe, and do you know where your data
is? See that backups and archives are secure, including the process of
performing backups and recovery, along with where and how the data is
stored. Consider how you will handle key management in a DR situation as
well as for long-term retention. Have an understanding of how you will be
able to unlock your data for regulatory compliance and archived data. 

Industry Web sites focused on data security include
www.trustedcomputinggroup.org, www.sans.org and www.snia.org. The list of
vendors with data-security systems, services or stories is constantly
expanding. For example, EMC Corp. recently announced plans to acquire RSA
Security Inc., Network Appliance Inc. bought Decru Inc., and Veritas
Software Corp. was acquired by Symantec Corp. Additional companies that
address data security include BitArmor Systems Inc., Cipheroptics Inc.,
Imation Corp., InfoGuard AG, IBM, Luminex Software Inc., NeoScale Systems
Inc., Quantum Corp., Seagate Technology, Sony Corp., Spectra Logic Corp. and
Vontu.

Ask your storage hardware, network and software vendors how they secure
their own environments, particularly if they are trying to sell you security
technology or service. Avoid a security approach that makes productive work
impossible; instead, strike a balance between applicable security to counter
given threats and enabling work to be done.

Greg Schulz is founder and senior analyst of The StorageIO Group
<http://www.storageio.com> and author of the book Resilient Storage Networks
<http://www.amazon.com/exec/obidos/redirect?link_code=as2&path=ASIN/1555583113&tag=computerworld-20&camp=1789&creative=9325>
(Digital Press, 2004).
 

