As data storage is increasingly networked to allow wider access, keeping the system secure has become a priority, says Ian Bond.
One of the fundamental shifts in IT departments over the past five years has been the increasing use of networked data storage systems across organisations. While this has delivered many benefits, it has brought with it a security threat that needs to be managed.
Storage systems have traditionally been considered secure because deployments have been limited to part of a single data centre, in essence a physically isolated environment. However, the advent of networked storage means that storage security should now move onto the CIO's list of priorities.
It is not uncommon to find a storage area network (SAN) that spans outside a data centre. SAN extension technologies such as DWDM, CWDM and FCIP can be used to connect devices and storage across multiple locations. As the number of devices connected to a SAN increases and distributed SANs become more common, it is dangerous to depend on security through isolation. Just as security is a consideration when sensitive information passes over data networks, the same care should be taken when deploying a SAN.
SAN security must be able to deal with three types of threat: external – hackers and people with malicious intent; internal – unauthorised staff and compromised devices; and unintentional threats from authorised users, such as misconfigurations and human errors.
While the first two are relatively straightforward and well understood from a security standpoint, the third is less simple. Minimal, if any, attention has been paid to unintentional security threats from authorised users.
The standard application and server administration approach of granting the minimum privileges to perform a task holds true when working with a storage area network. There are many facets to this. The benefits of locking down operator privileges on a switch using role-based authentication are easily understood; but others, such as minimising the probability of a disruptive fabric reconfiguration as a result of -misconfiguration, are less obvious. Many of these blur the boundaries between storage network security, best practice design and high-availability SAN design, but all are important from the perspective that correctly configured secure switches can help prevent both deliberate and unintentional disruptions.
Securing data in the broader sense falls into two further focus areas: data in transit and at rest. Many features to enable security in both these states, including encryption of data in transit on both fibre channel (FC) and internet protocol (IP) networks and encryption of data on storage media, are now being delivered by storage technology vendors and should be included in any security policy developed by IT departments.
Vulnerabilities and threats can prevent users from accessing mission-critical applications, directly disrupt application operation or compromise confidential and valuable information. It is essential that security and network managers collaborate to understand the particular vulnerabilities and threats to data-centre resources, so they can develop a robust security policy and deliver this in an adopted architecture. CIOs must now ensure that storage security is included in the design of the wider IT security policy.
Aligning this policy to business goals will help define security zones – areas of the data centre separated into zones to minimise the impact of an attack. Following this up with a security posture assessment will allow the business to set appropriate risk levels for each asset/zone based on importance and cost factors.
At the heart of the process should be a strategy of defence in depth: rather than just securing the perimeter or deploying some access controls internally, security measures should be placed throughout the network to defend the SAN. This way, if there is a breach in one part of the network, there are still many layers of security before a malicious program or hacker can reach the crown jewels.
Complementing this strategy with an automatic alert and defence system to notify when breaches occur also means the attack can be isolated and contained. Finally, it is essential to monitor the efficiency of the deployed solution and review and change the policy if necessary.
Security should not be seen as a storage add-on, it is a continuous process that should be integrated with data-centre operations. With a highly resilient, efficient and adaptive data-centre network in place, CIOs can spend less time worrying about data security and more time on realigning resources for growth by addressing competitive pressures, extending market reach and speeding up time-to-market of new services.
- Ian Bond is a data centre consultant at Cisco Systems UK & Ireland