ORLANDO, FL. — Enterprises are at a “critical intersection,” according to NetApp’s Tim Russell: facing the task of balancing data regulatory mandates while simultaneously keeping IT costs down and service levels up.
That’s the message that Russell, vice president and general manager of NetApp’s storage security business unit, delivered during a morning session at Storage Networking World, the bi-annual storage conference taking place here this week.
While encapsulating the challenges now facing IT shops, Russell also said enterprises’ balancing act may only get more precarious: Businesses need to meet growing user demand for data access while coping with a growing number of rules and regulations.
As a result, companies must realize that “perimeter” security approaches no longer work — and have to adopt technologies like data encryption.
“The perimeter was once just the firewall, now it is moving closer to the storage environment,” Russell said. “If you’re not doing security there, you’re going to have trouble because you’re all letting more people into your networks and giving them more data access and security has to be in place.”
Russell said one recent study found that 75 percent of all data loss incidents are tied to human error. He also said IT is responsible for 30 percent of “inappropriate” data loss — ranging from misplaced memory sticks to failing to fully scrub data from laptops before disposal.
The comments echo growing concern over data security among IT professionals. The subject was cited as the top priority for 2008 by IT pros in a recent Enterprise Strategy Group study.
One reason that IT staffs have data protection on their minds is in response to a growing number of security and breach-notification regulations, forcing companies to shore up their efforts at safeguarding data.
“We see research that clearly indicates security breach notification laws are working and best practices in securing confidential data, whether it’s active or stored, is helping to keep security tight,” Russell said.
But, he noted, there is still a long way to go. Many enterprises aren’t even using encryption technology, which he describes as the foundation of storage security.
State and national government here and abroad aren’t obviously satisfied with company security approaches. Lawmakers in both the US and the UK are pushing new mandates into the pipeline. A privacy commission in England wants criminal offense penalties to be unlimited in scope for companies that suffer repeated and egregious breaches.