FRAGILE WORLD

From STORAGE Magazine Vol 8, Issue 06 - October 2008

ANY GOOD STRATEGY FOR DATA STORAGE PROTECTION INCLUDES A STRATEGIC BALANCE BETWEEN
INFORMATION AVAILABILITY AND INFORMATION SECURITY. BUT HOW EXACTLY DO YOU GET THAT
DELICATE BALANCE RIGHT? EDITOR BRIAN WALL HAS BEEN FINDING OUT

IT managers today find themselves with the challenging task of maintaining the delicate balance between ensuring both information security and availability - and all at a reasonable cost. It's easy to make information completely secure - by locking it up in a safe, for example - but the trick is to also ensure that it is within everyone’s reach when needed. However, by providing information access, there are always risks, which generally fall into several categories, not least of which are malicious attacks, human error and natural disasters. Recent history should also remind us of how quickly natural disasters can strike and bring any unwary business to its knees.

A good strategy for effective storage security should take all of these risks into consideration and ensure that the business has in place the following: online data protection; data encryption; physical security measures; and lock-down processes to manage data throughout the lifecycle. But how do you bring all of these together across the business? Do you really need to? Is it even affordable for SMEs? How many don't bother - and get away with it? And how do you ensure a culture of collective responsibility throughout the organisation?

Not easily is the first response, especially when you consider that we live in a world where there is a vastly increased mobility of the workforce - and the ability to connect to the Internet from just about anywhere. This presents real challenges for data security.

OUTSIDE THREATS

"At the corporate desktop, the user is secure," points out Joe Fagan, CMS Peripherals. "There is probably a rack of security products, hardware and software, that provide antivirus, anti-spam, anti-phishing, anti-spyware, intrusion detection, stateful inspection firewall, URL filtering and a host of other security measures. Inside the secured perimeter, corporate data is protected. The perimeter is even extended to embrace tele-workers, connected via VPN."

However, outside lurks a far more threatening environment - the local coffee shop, airport or hotel. "To connect to the corporate network, even over VPN, requires that the user first connects to the facility's network," he states. "The laptop is physically connected to the same network as everyone else in the hotel or airport. The rack of security kit back in corporate is oblivious to the threat and the user relies on whatever security the facility offers, if any, or relies on security software loaded on the laptop.

"But, of course, the attacks to which the user is most vulnerable are the most recent, and virus signatures or policies might not have been updated for days. Then when the user returns to the office, malicious content is taken inside the perimeter and exposes the entire corporate network." There is certainly something contradictory about running security software on the laptop that's being protected - akin, says Fagan, "to having the nightclub bouncer at the bar, rather than outside at the door."

The threat must physically arrive on to the laptop before being recognised and blocked. "Apart from security, there are the performance issues. AV virus signatures now run into tens of thousands, and searching each piece of content for any one of these signatures is processor and memory-intensive. Companies have been tempted to delete older virus signatures to improve performance."

Last year, a company in Germany did just that, he adds, and allegedly 100,000 machines were infected by a 13-year-old virus called Stoned Angelina!

"There is a new paradigm for mobile corporate data security that addresses the above issues in a robust and future-proof way. It is to have another computer that runs all the 'antis' and nine other security applications on all content before the data ever gets to the laptop. It isolates the user from the public network, and updates its signatures and policies every five minutes." But is a user prepared to carry another computer around? "Well, this amazing Linux-based miniature computer, from Yoggie Security Systems, weighs in at 18 grams (0.6 ounces) and is fitted inside a USB key. There is now an even smaller express card version available. There is little doubt that this is the way corporate data on mobile computers will be protected in the future."

CORPORATE IMPACT

There have been a number of high-profile data breaches that have forced companies to reconsider how they manage and store data. Brand damage, regulatory penalties, increased legal liability, cost of downtime and public awareness of identity theft have all underscored the importance of securing data.

"However, the key question for most businesses is how to implement a data security strategy that protects them, but that they can also afford," points out John Rollason, product marketing manager, EMEA, NetApp. "In many organisations, the collective responsibility for data security often requires a major shift in attitudes relating to the way information is used and stored. To help implement a more responsible corporate culture, storage managers also need to reduce the costs and simplify the processes associated with data security with as little impact on application performance as possible."

An affordable secure storage architecture strategy should include replacing tape back-up with online disk back-up, he argues. "Backing up online to disk is not only more secure, but also saves cost and ensures minimal downtime when a disaster occurs. Storage encryption and data permanence technologies such as WORM (Write Once Read Many) storage should be considered, where appropriate. The limitations of traditional fixed storage architectures have often meant that the cost, complexity and performance impact of adding separate systems to support each of these has been prohibitive." Whether outsourced to 'the cloud' or built internally, online data protection needs to be made more cost effective, so that all customer applications can take advantage of it. "This can be achieved by taking advantage of available technology, such as virtualised storage, data deduplication, more efficient RAID 6 protection and thin provisioning.

"The alternative is simply no data protection at all, which is often the case for lower tiers of applications or a reliance on offline media, such as tape backup, which is insecure (as the public data breaches demonstrated), unreliable, slow and expensive." Rollason believes the best approach to efficient storage security is to deploy a unified storage architecture - one that uses just one set of software and processes across all tiers of storage, greatly simplifying the complexities of securing and protecting data. Businesses can then focus on understanding what data they have stored that is most critical to their business and securing it. "This type of information should be encrypted as standard," he says. "Data that is not as critical can be treated as lower priority and benefit from a lower storage cost. A single process for provisioning, mirroring, backup, encryption, data permanence and upgrades lowers administrative costs and makes it easier to deploy secure capabilities across all tiers of storage, without the cost of migrations between incompatible storage systems.

"A scalable, unified architecture approach is what makes storage security a cost-effective proposition for SMEs and large enterprises alike, who can more easily manage their infrastructure in line with their data and security requirements."

MAJOR INCIDENTS

Faced with potential data loss, any company's survival and success rests in its ability to keep data accessible and protected. Hence its chosen storage media occupies a key position in its operational processes, as organisations must be able to ensure their backup data can be recovered.

Although the occurrences of major incidents may seem rare, you only have to consider the catastrophic New Orleans floods and Buncefield explosions, which - along with the terrible human cost - have on-going implications at the data security level. Everything in the backup process needs to be centred on reliable recovery and one of the most critical links in the storage security process is, of course, the quality of the backup tape itself.

World-class data media, supported by diagnostic tools, is paramount to the data security of any company. Fujifilm is one vendor that sees itself in this category, particularly with regard to its coating technology, which powers expanded capacities, performance and stability to ensure the safety and security of data. It offers a wide range of enterprise and mid-range data tape solutions, including 3592, DLT Tape and LTO Ultrium tapes. It also offers a portfolio of backup services as part of a security strategy, all of which come under the umbrella of 'Fujifilm First for Service', including labelling and initialising, data conversion, recovery and disposal. The costs of recreating data are extremely high and, obviously, the cost of business failure cannot be contemplated. Why expose your company to these risks, when they can be avoided by using an adequate media rotation schedule?

Fujifilm recommends the following preventive steps:

  • Verify that your back-up data can be recovered
  • Create a version history
  • Store backup copies off-site
  • Have a management system and good rotation system in place.

As Roger Moore, strategic business manager, Fujifilm Recording Media, points out: "It is important to put measures in place to analyse drive and tape performance. Fujifilm's new Data Cartridge Analyser is an innovative device developed to check LTO Ultrium cartridge and drive performance, in order to minimise risk of data loss. The device retrieves data from the memory chip inside the cartridge, and advanced software provides detailed data, status reports and recommendations, with free on-line support included."

Fujifilm has also recently launched a high-end data/drive monitoring solution - the Read Verify Appliance (RVA). This proactively monitors the integrity of tape media and drives to generate comprehensive reports on the health of a company's backup environment. The RVA features an automatic alerting and reporting tool that can be customised to fit a user's specific requirements.

The safety and security of your data ultimately revolves around the integrity of your data backup. Ensuring that effective processes are in place to recover data, as and when necessary, is a fundamental - and vital - part of that.

©2006 Business and Technical Communications Ltd. All rights reserved.