Integrated Standards For Storage Security Lacking: ExpertsIntegrated Standards For Storage Security Lacking: Experts

Businesses need to integrate various technologies to tighten storage security in response to regulatory pressure, a storage advisory group said Tuesday.

Wikibon, a newly formed community of experts that offers free research and advisory services, hosted a teleconference to assess the state of storage security and technological advancements.

Companies need to integrate compliance requirements with life cycle management, "so that data is secured and you can track it from beginning to end," said David Floyer, a former IDC analyst and one of the founders of Wikibon.

Floyer said encryption is one way to secure data when it comes to storage, but it's just part of the solution. It's not feasible to encrypt all data in a data center, since the volumes of data are typically too large and there are too many servers accessing data, among other factors. It makes sense to encrypt data where there's a regulatory requirement, such as personal records. Encryption also makes sense when transporting data over a network or physically by tape, Floyer said.

Access control is the other piece of the puzzle. It helps prevent people from gaining unauthorized access to data through a corporate network. As a result, more businesses are making it a requirement to integrate network security and storage security through the use of Internet Protocol storage.

"The uncomfortable answer for organizations is that 90% of data exposure comes from within the organization. You have to understand who looked at what when and who changed what and when. You need to know that it happened and deter people," said Floyer. Audit trails are necessary. What's currently missing in storage is an open product that combines all these security components into one. There are a couple of closed systems, such as one offered by EMC's RSA security division, Floyer said.

Earlier this week, EMC rolled out a new line-up of storage systems and software. EMC also introduced a new version of its Enginuity storage-operating environment, which integrates with the RSA EnVision platform for an enterprise-wide view of audit logs for security and compliance.

But security requires open standards and collaboration between systems integrators and vendors to bring to market an integrated product. Floyer concluded, "One vendor cannot provide one solution to the world."

Wikibon expects storage vendors to bring to market a wide range of storage security features like WORM (write once, read many) and encryption for stored data by next year. The new systems will use hyper-firewalls, advanced encryption, and biometrics.