Storage Networks: One More Potential Weak Link

Data moving across storage networks is the most exposed information. Storage networks connect with the Web in more ways than via host servers and direct-attached storage, making them greater security risks. Yet a recent survey conducted by InformationWeek's sister publication, Network Computing, illustrates that the need for storage security isn't always translated into action.

Nearly 70% of the 635 business-technology professionals surveyed say their companies need storage-specific se- curity. Many have plans to increase security for host servers, storage area network systems, and associated interfaces. That's smart when you consider that attacks come in primarily over the Web and the network.

However, when a smaller group was asked whether storage is included in network-penetration tests at their companies, nearly a third, or 30%, of these 320 respondents say storage isn't part of penetration testing, while another 18% say their companies don't perform network-penetration tests.

Before regulatory compliance, nobody got jail time for lost or compromised data or paid millions of dollars in fines. Now any company can be pulled into court and asked to produce evidence of security procedures or face penalties. So are compliance regulations forcing companies to re-evaluate their storage-security practices? Network Computing's survey found that nearly 60% of respondents say federal regulations have had some effect on their companies' storage-security procedures. More than one in 10 says regulatory compliance has improved storage-security practices.

Several issues get in the way of providing adequate storage security, survey respondents say, including lack of communication and understanding between security and SAN groups, inadequate executive involvement, and isolated management of networks.

So, what's keeping your company from safeguarding its storage network? Let us know.

Martin J. Garvey
Senior Editor
[email protected]

Planned Expansion

What areas of storage security is your company considering increasing?

When asked which areas of storage security companies are considering increasing, a third of business-technology professionals that Network Computing surveyed say SAN data at rest and nearly 30% say SAN data in motion. Slightly less than a quarter say IP or Fibre Channel SAN interfaces and SAN management ports are targeted for more security.

Regulatory Impact

What effect have recent federal regulations had on storage-security procedures?

Federal regulations are having a mixed impact on storage security. Only 17% of 319 sites report regulatory compliance has spurred plans to update storage-security technologies. Even fewer companies--12%--credit federal regulations with improvements in storage-security procedures. For some companies, compliance has spurred executive involvement. This may change as more companies are held publicly accountable for breaches to the information they store.

Security Struggles

What do you consider hurdles to effective enterprise-storage security?

Regardless of which approach delivers the best capacity, a consensus is that management apps and tools are critical to a successful storage strategy. Yet ongoing maintenance costs are one concern that companies have in achieving effective enterprise-storage security. Forty-six percent of business-technology professionals Network Computing surveyed report that ongoing maintenance expenses are a hurdle in realizing storage safety.

Storage Testing

When your company conducts network-penetration testing, is storage included?

About half of companies surveyed might not conduct network-penetration testing or include storage as part of formal network-penetration tests. However, another half of sites do include storage in their network tests. Yet less than 10% of the companies performing storage-penetration tests conduct them with employees who work outside the corporate headquarters. This is surprising, as research shows that these individuals are often the workers who enable malware attacks.