Data moving across storage networks is the most exposed information in an enterprise. Storage networks connect with the Web in more ways than via host servers and direct-attached storage, making them greater security risks. Yet a recent survey conducted by Bank Systems & Technology's sibling publication, Network Computing, illustrates that the need for storage security isn't always translated into action.
Nearly 70 percent of the 635 business-technology professionals surveyed say their companies need storage-specific security. Many have plans to increase security for host servers, storage area network systems and associated interfaces. That's smart when you consider that attacks come in primarily over the Web and the network.
However, when a smaller group was asked whether storage is included in network-penetration tests at their companies, nearly one-third, or 30 percent, of the 320 respondents said storage isn't part of penetration testing, while another 18 percent said their companies don't perform network-penetration tests at all.
Before regulatory compliance, nobody got jail time for lost or compromised data or paid millions of dollars in fines. Now, any company can be pulled into court and asked to produce evidence of security procedures or face penalties. So, are compliance regulations forcing companies to re-evaluate their storage-security practices? Network Computing's survey found that nearly 60 percent of respondents say federal regulations have had some effect on their companies' storage-security procedures and more than one in 10 say regulatory compliance has improved storage-security practices.
Several issues get in the way of providing adequate storage security, survey respondents say, including lack of communication and understanding between security and SAN groups, inadequate executive involvement and isolated management of networks.
Courtesy of InformationWeek, a CMP Media publication.