Getting tough on data security
Initiatives and products from Atempo, NetApp bring a ray of hope to storage security
Follow @infoworldOne job I don't envy is being the person responsible for data security at a major company. There are very few other jobs where there is so little you can do to prevent so much from going wrong.
Not surprisingly, many companies view their security guru pretty much like the way ancient tribal people saw their medicine man -- although perhaps with much less confidence these days. Take, for example, the recent rise in security breaches (lost backup tapes, disclosure of customers' data, and such). I don't believe -- not even for a second -- that those companies saw the possibility of a security breach coming and chose to do nothing to prevent it.
Rather, I believe their priority was to attend to other security measures considered more pressing at the time than, say, encrypting tapes or verifying access to e-mail archives. The scary part is that right at this moment, your company (and mine) could be making the same mistake.
Is it reasonable to assume that the same incident won't happen again -- that lightning won't strike twice? Perhaps, but a security breach in a different area is still possible because a full security blanket does not exist. Also, there's no well-defined framework for data security, which makes it difficult for companies to effectively integrate different products. As a result, even if the security manager is making every possible effort to protect the confidentiality and integrity of company data, those measures are not guaranteed to work.
Luckily, things are beginning to change, perhaps fueled by the public uproar following some of the recent security breaches. I recently spoke to at least two vendors who gave me a ray of hope for the future of data security.
"The problem our company really focuses on is how to simplify data management, and security is a fundamental component of that," says Kevin Brown, vice president of marketing at Decru, a storage security vendor that was acquired by NetApp earlier this year. I spoke with Brown to learn more about NetApp's new Uncompromised Security Initiative program.
"If you look at the storage industry, there has been very little security built into any of the products," Brown says. This candid statement probably explains why the early stages of NetApp's initiative take a critical look at the status quo of data security.
"You can steal a lot more money by stealing a backup tape today than by assaulting an armored truck," Brown continues, adding that a company's backup data is much less protected that those tanklike trucks.
"What we are trying to do [with the Uncompromised Security Initiative] is to listen to customers' concerns [about security] and see how we are going to fulfill them," Brown says.
Brown lines up the major building blocks of a comprehensive approach to data security, including keeping the bad guys at bay, protecting the company perimeter, and implementing comprehensive data-protection measures. Customers may have skipped some of these data-protection measures because they were too onerous on daily operations, he says.
"We can do a lot better," Brown says. "We can build security into the infrastructure, and as vendors start building security into all their products, we can make systems a lot more secure."
