Getting Beyond M&M SANs

“

Most SANs are like M

&

Ms

”

hard and crunchy on the outside and soft on the inside.

This observation on Storage Area Network (SAN) design is from Clement Kent, the Chief Technical Officer of security firm Kasten Chase, Inc. He makes a vital point. Companies spend precious resources hardening the outer network shell with firewalls, passwords, certificates and keys, but the center, the actual data, is as insecure as ever. Let’s take a look at what it takes to secure a SAN all the way from the edge to the core.

Keep the Shell Hard

Opening the enterprise data farm to company users in far-flung offices makes data more usable and more valuable, but far more vulnerable. Hackers and crackers continue to probe industrial defenses using new attack technology. Clearly, then, it is essential to deploy the latest developments in intrusion detection, firewalls, hardened switches and routers, and management systems. Storage administrators must not make the mistake of leaving everything to network personnel. At the very least, they must stay current with perimeter defense technology and wage a constant funding campaign for new tools and upgrades.

Harden the Core

Imagine the consequences if a criminal walked off with the daily backup tapes. Blackmail, class-action lawsuits and corporate train wrecks are real possibilities. Storage personnel must take the viewpoint that the bad guys will succeed sometime, so steps must be taken to minimize the value of what they obtain. This viewpoint is the first step toward real SAN security. If the data on the stolen backup tapes is encrypted, the criminal gains nothing and the company is safeguarded.

Storage encryption technology is not absolutely perfect, however, and SAN architects should not delude themselves by thinking otherwise. Given time and teraflops, a criminal can even beat 128-bit encryption. But storage encryption wraps the data in yet another protective layer and hardens the core of any SAN. Storage encryption appliances such as the Decru Data Fort, Kasten Chase Assurency SecureData and NeoScale Systems CryptoStor provide security without a costly performance hit. Using separate keys for data compartments can create an access control layer on top of the hardware zoning and LUN masking underneath.

Centralize Command

Security is everyone’s responsibility, but unless one person is given the responsibility and authority to oversee all areas of corporate security, the company will have gaps in the coverage. A single appointed security manager can bridge the gap between network security and storage security specialists. Make the security manager the security policy approver, so that all conflicting procedures can be resolved and gaps between boundaries can be covered. Solicit input from Human Resources, so security policies have real teeth and unpleasant consequences for employees who slide off the straight and narrow. Obtain corporate buy-in to spread security awareness and responsibility to all parts of the company. This is vital as end-to-end SAN security does not come cheap.

Page 2: Audit Often

Conduct annual security audits to evaluate strengths, weaknesses and risk. There are good guidelines available from the Storage Security Industry Forum, a part of the Storage Networking Industry Association (SNIA) See http://www.snia.org/ssif. Watch for new developments in network and storage security and new threats from outside and inside the firewalls. Some of the basics for every audit, as recommended by SNIA:

• Policies cover both network and storage security and all interfaces between the two areas
• Policies are current with new laws and regulations affecting your data security
• Evaluate the best balances between access limitation and data availability
• Levels of confidentiality are applied to data appropriately
• Employee security awareness program is current and active
• Storage centers, network hardware, and servers are in physically secure buildings
• Zoning and LUN masking are appropriate to current business needs
• Processes team up the multiple specialties for system architecture change control
• New software patches and firmware versions are tested and implemented quickly

Harden the Wetware

The eternal fact is that security depends on what is going on between the human’s two ears (the wetware). FBI statistics show that 50 to 80 percent of the security breaches originate inside the firewall. This means that if a company is attacked, the odds are that a co-worker is the culprit: a disgruntled employee, an industrial spy, or just someone foggy from medication and having a careless day.

Further, the keepers of the keys and the guards at the gate are all potential targets for the seduction tricks of industrial and international espionage. Regardless of how closely guarded organizational passwords and keys may be, security comes down to the old question of “Who will watch the Watchers?”

This is a tough look at security. Many companies simply are not ready to confront the “50% to 80%” statistic. Investing in hardware, software and badge readers is easier to understand and approve than addressing people problems. Yet the hard truth is that security crosses over into Corporate Ethics, Human Resources and Line Management.

Keeping people happy with their jobs and loyal to the company is the sunny side of Security. Demanding periodic drug tests and background screening of new employees is the darker side. In these difficult times of downsizing, suspended pay raises, and unpaid overtime, all levels of management must work creatively to maintain employee morale — including their own. Building high morale and loyalty in that wetware between the human ears goes a very long way towards transforming an M&M into a SAN that is a tough nut to crack.

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

• Anticipating The Coming Wave Of AI Enhanced PCs

  FEATURE |  By Rob Enderle,
  September 05, 2020

• The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  August 14, 2020