Securing your information assets and data, what about your storage?
Recently I did a piece over at the site Information Security Buzz title How Secure Is Your Data Storage? that takes a cursory look at securing your digital assets from a storage perspective. Keep in mind that data protection can mean many things to different people from various focus or technology domain perspectives. Likewise there are various threat risks to protect against and, not all of them are head-line news making events.
Protecting data and data protection
Protecting your data or data protection is a diverse topic and not exclusive to just backup/restore, business continuance (BC), disaster recovery (DR), high availability (HA), durability, archiving, privacy and compliance (PCI, Hippa, High-tech, Sarbox, etc) or security (logical [encryption, access control, identity management] and physical).
In the broader scope and context of information infrastructures and data infrastructures, think of data protection as part of or enabling protect, process, preserve and serving of information in an effective way that does not introduce complexity or compromise your digital and physical assets.
Following is an excerpt from the piece over at Information Security Buzz:
The usual belief is that information behind firewall's and on storage attached to servers that have rights access control and find access, all is safe; hence no need to encrypt the real storage device. There is a couple of other usual comments or statements that people make to me about encrypting storage devices that it is too difficult due to lack of good key management, and the other is that people say the encryption algorithms are no good. Both can be valid points, particular given what we are hearing with the NSA and other government activities. My usual response is a) have spare keys placed in safe trusted locations and b) do you lock the doors and windows on your home as somebody who really wants to get in probably can, hence need for multiple rings of security, however the encryption will deter the casual or more typical adversary. |
Additional data protection topics and links
In addition to the above, also check out the following related items on the many difference faces or facets of data protection.
Various StorageIO tips and articles from different venues: Via StateTech Magazine - 5 Tips for Factoring Software into Disaster Recovery Plans and Via the StorageIO fall November 2013 news letter, Cloud and data protection perspectives.
Also via StorageIOblog: Data protection modernization, more than swapping out media and Cloud conversations: Has Nirvanix shutdown caused cloud confidence and data protection concerns? along with In the data center or information factory not everything is the same plus Securing data at rest and fast secure erase with SED's.
Also check out BackupU (www.software.dell.com/backupU) series of webinars and Google+ hangouts that I'm involved with about modernizing and rethinking data protection. Note that while Dell is the sponsor of these events, they are also vendor and technology neutral, that's a disclosure btw fwiw ).
Closing perspective, for now...
Only you can prevent data loss as it is a shared responsibility!
Ok, nuff said (for now)
Cheers gs