Integrated Standards For Storage Security Lacking: Experts - InformationWeek
IoT
IoT
News
News
7/17/2007
04:16 PM
50%
50%

Integrated Standards For Storage Security Lacking: Experts

Vendors need to come out with open products that integrate encryption, access control, and auditing.

Businesses need to integrate various technologies to tighten storage security in response to regulatory pressure, a storage advisory group said Tuesday.

Wikibon, a newly formed community of experts that offers free research and advisory services, hosted a teleconference to assess the state of storage security and technological advancements.

Companies need to integrate compliance requirements with life cycle management, "so that data is secured and you can track it from beginning to end," said David Floyer, a former IDC analyst and one of the founders of Wikibon.

Floyer said encryption is one way to secure data when it comes to storage, but it's just part of the solution. It's not feasible to encrypt all data in a data center, since the volumes of data are typically too large and there are too many servers accessing data, among other factors. It makes sense to encrypt data where there's a regulatory requirement, such as personal records. Encryption also makes sense when transporting data over a network or physically by tape, Floyer said.

Access control is the other piece of the puzzle. It helps prevent people from gaining unauthorized access to data through a corporate network. As a result, more businesses are making it a requirement to integrate network security and storage security through the use of Internet Protocol storage.

"The uncomfortable answer for organizations is that 90% of data exposure comes from within the organization. You have to understand who looked at what when and who changed what and when. You need to know that it happened and deter people," said Floyer. Audit trails are necessary.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll