The goal of protecting storage translates to the following general objectives in the storage world:
This chapter has surveyed many of the components of a storage security capability and identified burgeoning technologies for access control, authentication and administration that are still very much in development as of this writing. Figure 10-5 is offered as a summary of vulnerabilities, some of which have yet to be addressed.

Figure 10-5. Security targets in storage.
The targets for security in this illustration follow the data path from host device driver and host-based virtualization software "volume descriptions," to HBAs and NICs, to interconnects between servers, storage devices and networking or fabric devices, to switches and their configuration controls, to media, and even storage management consoles (especially those based on SNMP). Security must also be a component of disaster recovery provisions articulated in storage architecture. Remote mirrors and tape vaults, and SAN-to-SAN bridges across WANs, are all logical targets for security. They must be covered in whatever storage security strategy designers develop for their organizations.

This discussion also underscores a more subtle change that will be required for those seeking to build an intelligent networked storage architecture for their organizations. It is a change in the views we currently hold about storage and the skill set required to effectively plan storage infrastructure. As the above suggests, it is no longer sufficient to content ourselves with a knowledge of bit domains, transfer rates, areal densities, disk interfaces, and LUNs as the knowledge and skills required for storage management. If storage is to become a utility infrastructure unto itself, we will need a new hybrid set of skills and knowledge to cope. We will need to develop broader expertise not only in the bits and bytes of storage technology, but also in networking, object-oriented programming, disaster recovery planning, and security planning. Change always carries with it new burdens and new responsibilities. The ultimate risk to data is the current gap in the requisite knowledge and skills for its management.