White Paper

The Organizational Chasm: Where Security And Storage Pros Fail The Enterprise By Scott C. Temple, Reed Exhibitions


Is your network like a Tootsie Pop: a crunchy shell with a chewy center? You might be surprised. News headlines and organizational studies reveal a disconnect between network security and storage in many companies, and yours could be among them.

Organizations large and small are aware that data thefts have peppered the news for months, showcasing an unprecedented need for increased storage security. However, many security admins feel their responsibility for security ends at the network perimeter and see little convergence between their duties and those of storage pros, viewing storage as an island.

That siloed approach has given more than one company a black eye. Data breaches are nothing new, but regulatory compliance is forcing many companies to disclose them for the first time. The results? Stock drops, loss of prestige, compliance issues and lawsuits for identity theft. For example:

  • Data storage provider Iron Mountain Inc. in May confirmed that it lost backup tapes of client Time Warner Inc. holding the personal data of 600,000 former and current Time Warner employees.
  • In April, online investment brokerage Ameritrade Inc. announced it may have lost an unencrypted backup tape containing account information of 200,000 current and former clients.
  • In March, San Jose Medical Group Inc. announced the theft of two laptops holding unencrypted medical information and Social Security numbers of 185,000 people.
  • And in February, Bank of America announced an unencrypted backup tape with credit card information on up to 1.2 million federal employees was stolen or lost while being shipped on a commercial airline.

But the "fun" doesn't stop with unencrypted data; fraud can pose similar problems when security isn't considered in business processes. ChoicePoint, a company responsible for client records used by insurance and credit companies, disclosed in February that 145,000 consumer records had been obtained through fake-business requests. The company's former CSO Richard Baich claimed it wasn't an information security issue because the company hadn't been hacked. He and others later called it a "business process that failed." Regardless of other impacts, the company took a financial hit it still hasn't recovered from, with its stock dropping nearly 10% from a 52-week high of $47.95 and slowly coming back to a current price of just over $42.00.

These events will become more and more frequent as storage becomes a more intelligent network resource. Over the last five years, storage has evolved from a server sub-component to an enterprise-wide, independently managed networked resource. However, storage has been a largely under-funded and downplayed risk, and many organizations haven't factored storage into their security practices. While we're starting to see more encryption of data and use of strong passwords and authentication technology, organizations implementing those measures are still the minority.

Only 12 percent of the Fortune 1000 are using storage security software -- in many cases just elements that are part of their storage area networks (SANs), according to TheInfoPro. Its surveys also found that 62 percent don't have a plan to implement additional measures.

Securing data throughout its lifecycle poses real challenges when weighing security measures against the availability of data that users have become accustomed to. But vendors are gearing up to provide solutions that satisfy those in both security and storage. Increased buyer interest has prompted EMC to talk more about security as a key component, and Symantec acquired Veritas earlier this year to compete in the storage arena.

To learn more about solving storage security dilemmas and the risks they pose to enterprises, view a recap of InfoSecurity New York (http://www.infosecurityevent.com) that took place on December 7 and 8. Experts from TheInfoPro, The Taneja Group, Glasshouse Technologies, and Enterprise Strategy Group discussed convergence, backup encryption, bridging the gap between storage and security, and trends and improvements in storage security.

As part of the session "Storage and Security: Is Convergence Ahead?", Ken Male presented the results of new in-depth surveys with Fortune 1000 and mid-market IT decision makers focusing on technology, detailed budget data and vendor performance.

According to one respondent, "Any security-oriented organization has to recognize that they have to manage terabytes of data. Security has to get closer to the data. If we can get data-level security, then I don't have to worry about the server -- I only have to worry about availability, not confidentiality."

That session also examined implementation plans and preferred vendors for more than 20 current and planned security and storage projects, including access control, identity management, data encryption, and storage security appliances.

Other sessions addressed approaches to merging storage and security, information integrity and future concerns.

The bottom line: Don't be the next headline; everyone needs to take storage security seriously.


Scott Temple has over twenty years of experience as an innovator and Vice President for some of the industry's most recognized event companies. Scott is currently the Vice President, Technology Group at Reed Exhibitions, where he has launched global brands in the United States and Canada. Scott is responsible for global expansion, IT conferences and technology event development. He also manages a series of IT security events designed to connect IT companies with an influential community of executive IT decision makers. He has recently taken the events International Powder & Bulk Solid and the new launch of Southeast Powder into his portfolio.

Prior to Reed, Scott spent fifteen years handling marketing, sales and operations for U.S. Associations and Trade Show companies.

He was also General Manager of development for Eastern European events in Romania, Russia and the Ukraine.

Scott has spoken at numerous industry events and is a member of IAEM, CEMA and IAABO.