The goal of all security is to protect important assets. Whether it's putting jewels in a safe at home, posting a guard at the front gate to a plant, or setting up elaborate intrusion detection systems on your network, all security is about safeguarding something of value. Storage security shares that goal. Its chief objective is the protection of data from harm by intruders, malcontents, and the incompetent.

Backup and remote copy ensure that data is protected by having duplicates in safe locations and on different media. The purpose of these methods is to be able to restore data after it has been damaged. Storage security ensures that data is protected from harm in the first place. The best data protection plan falls short if an intruder destroys or alters the data before it can be replicated to a more physically secure site.

Storage security focuses on making the storage system environment safe. For DAS devices, solid server and application security are enough to secure the storage as well. Storage security becomes much more difficult when networked storage is involved. SAN and NAS systems allow hosts to have direct access to shared storage. Although these systems provide many advantages, they are more difficult to secure. This is especially true of SAN systems, which, in terms of security, are quite immature and lack basic features such as access control.

Moat, Bailey, and Keep

In medieval times, the security of a castle was based on a three-tier design. Called a moat-and-bailey design, it integrated three different obstacles that an attacker had to overcome to overpower the castle inhabitants. A moat was a big, deep ditch that surrounded as much of the castle as possible. The bailey wall was a high wall with a steep face that was originally made of earth. Finally, in the center of the castle complex was the keep. The keep was a high tower, usually made of stone, that provided the last refuge to the defenders. Defenders could hold out for very long periods of time in the keep.

System security utilizes a similar three-tier design. Network perimeter security, like the medieval moat, keeps the majority of external attackers at bay. Server and application security, the bailey wall of system security, provides yet another obstacle to people intent on damaging a corporation's data. The keep is storage security. It is the last line of defense from external threats and provides security from those already inside the corporate network.