Secure Storage: A Necessary Evolution

By | October 11, 2006

All large organisations have gone to great lengths to protect their information assets. All kinds of security systems, from network firewalls and VPNs to passwords and physical mechanisms have been implemented to prevent unauthorised access to networks and premises. Yet, even with all these security measures in place, highly publicised data breaches involving the leakage and theft of customer- and employee-sensitive information still occur. The resulting damage to corporate reputations and a climate of increased regulatory compliance, is forcing organisations to focus attention on protecting corporate digital assets even further.

When it comes to storage, businesses are only too well aware of the risks that hacking attacks, disgruntled employees, human error, loss or theft of hardware or backup media can pose. With these threats in mind, it is not possible for storage systems to continue to be simple repositories of data. A new breed of secure storage system that safeguards corporate digital assets even when corporate security has been compromised is emerging. Secure storage systems help to meet compliance requirements and ensure good corporate governance.

Secure storage provides an integrated approach to managing, storing and protecting information over the course of its lifetime. Recent rulings have left companies with the “burden of proof” when it comes to defending themselves in a court of law. In this climate selecting and implementing a storage solution that is completely secure becomes a matter of the highest priority. Consideration must be given to how the full information lifecycle will be managed and how the storage process will take account of a multiplicity of demands from corporate data security policies to regulatory compliance constraints, from legal issues to protection against malicious or accidental loss, from retrieving information about unauthorised access attempts to disposal of data. Secure storage is essential if organisations are to comply with all the conflicting pressures on their business. In short, it totally changes the criteria for storage systems purchase.

Secure storage systems can only meet the goals of senior management, IT and corporate legal departments by combining secure encryption, storage management software, clustered servers and RAID protected hardware. This is the only way to provide the multiple levels of protection need to minimise the risk of data security breaches at the point of storage and ensure ongoing good data management practices. Secure storage systems are also fault-tolerant and easily implemented within a SAN, NAS, or DAS storage infrastructure, with capacity and security features scalable to meet future growth.

The secure storage appliance ensures all copies of data in the system are protected in the event of loss or theft. How the encryption keys are managed is critical to whole data protection process. Encryption keys have to be kept safe – not just from outside attack, but from inadvertent tampering by insiders and from theft of the physical hardware where the keys reside. Secure storage systems have a robust authentication layer, controlling whether or not a specific user is allowed to access the decrypted content.

Finally, a complete, auditable data trail is created. Should a company’s data policy ever be investigated, a file’s proof of origin – who created it, when was it created and what application created it – and evidence of whether the data has been tampered must be readily available. Many compliance regulations require organisations to be able to provide audit reports for historic data. The ability to provide extensive reports, throughout the data’s lifecycle, is an important feature of secure storage. At the end of a file’s lifecycle, secure storage systems ensure that all copies of the file are irrevocably deleted in order to meet privacy regulations and corporate governance practices.

In summary, in a business climate where large organisations find themselves governed by regulatory compliance, data protection laws and intellectual property rights, the leakage of confidential data not only does damage to reputations but the financial repercussions can run into millions. Like it or not, this is the future we all face. Investment in secure storage systems is the only way to be confident that your company-confidential data will never be compromised.

Nexsan Technologies is exhibiting at Storage Expo 2006

Leave a Reply