In light of a number of recent breaches spanning healthcare, retail, and even government, I thought it would be nice to take a second and focus on storage and security. Here’s the reality: with so many new types of applications being developed (both internally and in the cloud), new concepts around security are emerging which directly impact storage technologies. Still, there are some core concepts that need to be understood especially now that there is so much more information that needs to be secured.
As you continue to design and evolve your own overall security and storage security strategy, it’s critical to keep an eye on the shift that’s happening in the security industry. According to Gartner, a significant portion of organizations are shifting existing resources away from the operational aspects of security technologies, such as security device administration and monitoring, toward mitigation and incident response. This new dynamic has given rise to significant growth throughout the globe for managed security services.
Here’s the big takeaway: By 2018, more than half of organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures.
So what does this mean for your own security practice? How do you take cloud, storage, and even compliance into consideration? With that, let’s look at five important things to understand when it comes to storage, security, and cloud.
- The cloud is vulnerable, but that doesn’t mean you should be. Know where your data is being stored, how it is being transferred and who owns the keys. For example, in a recent major cloud outage a simple SSL certificate was allowed to expire. This then created a global, cascading failure taking down numerous vital public cloud components. Who was the provider? Microsoft Azure. This kind of outage caused number of critical services including XBOX Live to go down; all because the certificate wasn’t renewed. Make sure to keep an eye on certs, and how data is moved between various cloud components. From a storage perspective, creating agility and multi-node storage arrays helps keep your data safer and more resilient.
- Software-defined systems can help with security and agility. You’re beginning to abstract data into the logical control layer. This enables greater visibility and data controls. Plus, you can integrate some powerful DLP technologies directly into your data processing environment. Physical storage vendors need to see the writing in the wall and adapt quickly. Already some are introducing powerful, agnostic, logical storage layers capable of direct cloud and data center interconnectivity. Solutions from VMware and Atlantis already include HA, encryption, deduplication, replication, cloud API extensions and more.
- Look at new ways to control compliance and data delivery. Fortunately, cloud and compliance have come a very long way. Akamai, Lockheed Martin, Microsoft, Amazon Web Services (AWS) and the U.S. Department of Agriculture are all are running government clouds. To be exact, they are FedRAMP Compliant cloud service providers (CSPs). Furthermore, if you examine the Amazon AWS complaince matrix you’ll quickly see that you can now run cloud-based workloads with PCI DSS, ISO, FedRAMP, and even DoD compliance standards. Here’s another example, Data Gravity recently created a unique unified storage platform which offers insights at the same richness of intelligence, regardless of whether the data is block or file. The software architecture lets IT teams, as well as security, compliance and line-of-business users unlock the value in their data by automatically analyzing information as it is ingested, without impacting production operations.
- Never forget the physical aspects of data security. You might be rolling your eyes. But don’t skip this step. Some of the biggest healthcare breaches happened because a locker was left open and a physical disk was taken. Let me give you an anecdotal example. As reported in a recent article, Texas Health Harris Methodist Hospital Fort Worth has put up a notice on its website titled “Microfiche Incident.” That notice goes on to explain how on May 11 a portion of the microfiche meant to be destroyed by its paper-shredding vendor, Shred-it, was found in a park. What did that microfiche contain? Patient names, patient addresses, dates of birth, medical record numbers, clinical information, health insurance information and in some instances Social Security numbers. Now, you might not be trying to secure microfiche, but what about backup tapes? Recovery drives? Laptops with proprietary information which might currently be in a storage locker? Storage environments housing critical pieces of data must be locked down physically. If you’re bound by compliance or other regulations, make sure your cloud provider can abide by these regulations as well.
- Your best security platform is only as good as how you architected it. Constant vigilance can’t be the only answer to the ultimate security question. Still, how do you stay ahead? In my experience, constant testing, good policies and architecture reviews are some of the best ways to find holes and problems before the bad guys. Ever-changing protocols, APIs, and other cloud-based elements mean that your storage environment must be agile as well.
Your security architecture must play hand-in-hand with your storage environment. This is especially the case with the proliferation of cloud computing technologies. So, as you design your next-generation storage solution, how are you going to take security into consideration? Are you already deploying powerful data loss prevention technologies? Remember, the amount of storage you will have to control will only continue to increase, so it’s good to get a nice start on creating an equally powerful storage security methodology.