Storage Networks: One More Potential Weak Link - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Hardware & Infrastructure
06:02 PM

Storage Networks: One More Potential Weak Link

Data moving across storage networks is the most exposed information. Storage networks connect with the Web in more ways than via host servers and direct-attached storage, making them greater security risks. Yet a recent survey conducted by InformationWeek's sister publication, Network Computing, illustrates that the need for storage security isn't always translated into action.

Nearly 70% of the 635 business-technology professionals surveyed say their companies need storage-specific se- curity. Many have plans to increase security for host servers, storage area network systems, and associated interfaces. That's smart when you consider that attacks come in primarily over the Web and the network.

Storage Lockdown pie chartHowever, when a smaller group was asked whether storage is included in network-penetration tests at their companies, nearly a third, or 30%, of these 320 respondents say storage isn't part of penetration testing, while another 18% say their companies don't perform network-penetration tests.

Before regulatory compliance, nobody got jail time for lost or compromised data or paid millions of dollars in fines. Now any company can be pulled into court and asked to produce evidence of security procedures or face penalties. So are compliance regulations forcing companies to re-evaluate their storage-security practices? Network Computing's survey found that nearly 60% of respondents say federal regulations have had some effect on their companies' storage-security procedures. More than one in 10 says regulatory compliance has improved storage-security practices.

Several issues get in the way of providing adequate storage security, survey respondents say, including lack of communication and understanding between security and SAN groups, inadequate executive involvement, and isolated management of networks.

So, what's keeping your company from safeguarding its storage network? Let us know.

Martin J. Garvey
Senior Editor
[email protected]

Planned Expansion bar chart
Planned Expansion

What areas of storage security is your company considering increasing?

When asked which areas of storage security companies are considering increasing, a third of business-technology professionals that Network Computing surveyed say SAN data at rest and nearly 30% say SAN data in motion. Slightly less than a quarter say IP or Fibre Channel SAN interfaces and SAN management ports are targeted for more security.

Regulatory Impact pie chartRegulatory Impact

What effect have recent federal regulations had on storage-security procedures?

Federal regulations are having a mixed impact on storage security. Only 17% of 319 sites report regulatory compliance has spurred plans to update storage-security technologies. Even fewer companies--12%--credit federal regulations with improvements in storage-security procedures. For some companies, compliance has spurred executive involvement. This may change as more companies are held publicly accountable for breaches to the information they store.

Security Struggles bar chartSecurity Struggles

What do you consider hurdles to effective enterprise-storage security?

Regardless of which approach delivers the best capacity, a consensus is that management apps and tools are critical to a successful storage strategy. Yet ongoing maintenance costs are one concern that companies have in achieving effective enterprise-storage security. Forty-six percent of business-technology professionals Network Computing surveyed report that ongoing maintenance expenses are a hurdle in realizing storage safety.

Storage Testing pie chartStorage Testing

When your company conducts network-penetration testing, is storage included?

About half of companies surveyed might not conduct network-penetration testing or include storage as part of formal network-penetration tests. However, another half of sites do include storage in their network tests. Yet less than 10% of the companies performing storage-penetration tests conduct them with employees who work outside the corporate headquarters. This is surprising, as research shows that these individuals are often the workers who enable malware attacks.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll