Conclusion


The goal of protecting storage translates to the following general objectives in the storage world:

  • Protecting the integrity of data against corruption or loss both while it is "at rest" in data repositories (stored on hard disk drives, tape or optical media awaiting use) and while it is "in motion" (being processed by servers, accessed by users, or being transported across networks);

  • Ensuring the confidentiality and privacy of data and protecting against its unauthorized disclosure and potential misuse;

  • Protecting the applications that are used to manage data against alteration, corruption, or misuse;

  • Protecting interconnects, fabrics and networks used to transport data against disruption or misuse.

This chapter has surveyed many of the components of a storage security capability and identified burgeoning technologies for access control, authentication and administration that are still very much in development as of this writing. Figure 10-5 is offered as a summary of vulnerabilities, some of which have yet to be addressed.

Figure 10-5. Security targets in storage.


The targets for security in this illustration follow the data path from host device driver and host-based virtualization software "volume descriptions," to HBAs and NICs, to interconnects between servers, storage devices and networking or fabric devices, to switches and their configuration controls, to media, and even storage management consoles (especially those based on SNMP).

Security must also be a component of disaster recovery provisions articulated in storage architecture. Remote mirrors and tape vaults, and SAN-to-SAN bridges across WANs, are all logical targets for security. They must be covered in whatever storage security strategy designers develop for their organizations.

This discussion also underscores a more subtle change that will be required for those seeking to build an intelligent networked storage architecture for their organizations. It is a change in the views we currently hold about storage and the skill set required to effectively plan storage infrastructure.

As the above suggests, it is no longer sufficient to content ourselves with a knowledge of bit domains, transfer rates, areal densities, disk interfaces, and LUNs as the knowledge and skills required for storage management. If storage is to become a utility infrastructure unto itself, we will need a new hybrid set of skills and knowledge to cope. We will need to develop broader expertise not only in the bits and bytes of storage technology, but also in networking, object-oriented programming, disaster recovery planning, and security planning.

Change always carries with it new burdens and new responsibilities. The ultimate risk to data is the current gap in the requisite knowledge and skills for its management.



The Holy Grail of Network Storage Management
ISBN: 0130284165
EAN: 2147483647
Year: 2003
Pages: 96
