Storage security starts with a proper assessment

Not Logged In

You could:

research notes

research meetings

Events

Enterprise Architect Summit 2008
Oct 4-6, 2008
Peer Incite meeting - Topic: Best practice in tape backup and recovery
Oct 7, 12:00-1:00 PM
Computerworld: Storage Networking World
Oct 12-15, 2008
Usenix on the Road: Next Generation Storage Networking - 1/2 Day Lecture at the University of North Carolina
Oct 16, 12:30-4:00 PM
Usenix on the Road: Next Generation Storage Networking - 1/2 Day Lecture at Virginia Tech
Oct 21, 1:30-5:00 PM

Announcements

Home Profile Peers Wiki Groups Feedback

Storage security starts with a proper assessment

Currently n/a/5 Stars.
1
2
3
4
5

rate this

Last Update: Feb 16, 2008 | 08:25

Viewed 682 times | Community Rating: n/a

Originating Author: David Vellante

Originating Author: David Vellante

As with any risk mitigation initiative, storage security requires IT organizations begin by assessing the situation at hand. Making storage security a natural extension of storage pools and classification efforts will simplify the process.

Users need to identify information assets, their relative value, degree of exposure and liklihood of a breach. This can be done with a simple matrix that assesses exposure (loss potential) and probability of an event. It is advisable to enlist the stakeholders of the information in the process as they ultimately decide the value of data. However as is often the case with prioritization efforts, everyone believes his data is most important and should reside on the highest performance, most reliable systems. In the case of storage security the complicating issue often greater degrees of security will reduce flexibility, and business lines are typically willing to compromise security to preserve flexibility. These countervailing pressures should be considered and addressed in a relative manner in any assessment, in order to provide a clear picture to executive decision-makers.

In any event, the notion of a maximum acceptable loss (MAL) should be an outcome of the assessment. This threshold should guide storage managers and set the water mark for where discretionary decision-making can occur (i.e. if losses are kept below the MAL then it's up to the discretion of the IT organization to implement the right technologies and processes).

What follows are strategies to mitigate losses based on this assessment. This may involve:

Putting controls in place
Eliminating the risk
Transferring or sharing the risk
Accepting the risk (e.g. for low impact events)

All of this should be done with an understanding of the costs, potential losses and residual exposures that can exist for assets that cannot be protected fully due to costs or other factors.

Action Item: Storage security starts with a proper assessment of the assets being secured. IT should use a common framework that can be applied to cut through the politics of decision-making and, if necessary, used as a 'stick' to cajole stubborn lines-of-business who are willing to trade adequate security for flexibility.

Action Item:

Footnotes:

Comments on 'Storage security starts with a proper assessment'

There are currently no comments. Be the first!

Revision ID	Author	Timestamp	Comment
13954	Dab4168	08 Feb 16 20:25:24	Removed category Author dvellante
9582	67.163.111.222	07 Jul 18 12:12:48
9559	Dvellante	07 Jul 17 15:09:46
9558	Dvellante	07 Jul 17 15:07:37
9557	Dvellante	07 Jul 17 15:07:00
9556	Dvellante	07 Jul 17 15:00:23
9555	Dvellante	07 Jul 17 14:59:22
9552	Dvellante	07 Jul 17 14:44:59
9551	Dvellante	07 Jul 17 14:42:11	initial post

research notes

research meetings

Events

Announcements

Comments on 'Storage security starts with a proper assessment'

Post A Comment

news feed

blogs

companies

Storage Spectrum