Burgeoning Technologies


As more data is entrusted to more highly accessible topologies such as FC fabrics or IP SANs, it is inevitable that the vulnerability of the data that they host and transport will increase. A question that is being asked more often these days is whether the existing safeguards in LANs, which interconnect servers to their back-end storage topologies, and in server operating systems themselves , are sufficiently robust to fend off an earnest hacker.

As shown in Figure 10-3, contemporary LANs and servers provide the bulk of the security capabilities that organizations have come to depend upon to insulate business processes from malicious outsiders ”and to some extent from insiders. In the case of internal threats, most experts believe that there is much more work to do.

Figure 10-3. Typical security provisioning in a LAN.

graphics/10fig03.jpg

In 2002, a study of 146 companies by Activis, a security company based in Reading, England, determined that 81 percent of security breaches originated internally, another 13 percent came from ex- employees and 6 percent from external hackers. [9] While this did not jibe with the findings of the U.S.-focused 2003 CSI/FBI Computer Crime and Security Survey, which saw a slight -but-perceptible decline in internally originated (as opposed to externally originated) attacks, it does underscore the point that trusted personnel inside the organization can do as much or more harm to data than all the nameless malcontents who hack web servers. [10]

There continues to be serious doubt over the adequacy of security provided in existing networks and servers in coping with internal threats ” especially since this exposure often comes from inside the demilitarized zone created by firewalls and other protection schemes and perpetrators often have authorization to access applications and their hosting platforms. Beyond establishing hard-line policies that threaten employees with prosecution , there seems to be little more that can be done in commercial organizations that will not impair system performance or generate user push-back. Many organizations have determined that multiple logins, login time-outs, and similar strategies are simply too costly or too difficult to administer, relegating the issue to the "too hard" file for now.

In the case of storage security, this is unacceptable. As storage becomes more and more networked, the actions of a single individual could cause significant and unrecoverable corruption of the primary asset of a company: data. One partial solution to this conundrum is transparent encryption.



The Holy Grail of Network Storage Management
The Holy Grail of Network Storage Management
ISBN: 0130284165
EAN: 2147483647
Year: 2003
Pages: 96

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net