Securing stored data involves preventing unauthorized people from accessing it as well as preventing accidental or intentional destruction, infection or corruption of information. While data encryption is a popular topic, it is just one of many techniques and technologies that can be used to implement a tiered data-security strategy. Steps to secure data involve understanding applicable threats, aligning appropriate layers of defense, and continually monitoring activity logs and taking action as needed.
Figure 1 below shows common areas of focus pertaining to securing stored data while at rest (being stored) and while in flight (being moved or accessed). Data movement is required for authorized general access, business continuance (BC) and disaster recovery (DR), general data protection as well as archiving for data preservation and compliance. In no particular order, here are 10 items to consider as part of securing your stored data in addition to those in Figure 1.
Figure 1
- Implement a tiered data protection and security model including multiple perimeter rings of defense to counter applicable threats. Multiple layers of defense can isolate and protect data should one of the defense perimeters be compromised by internal or external threats.
- Include both logical (authorization, authentication, encryption and passwords) and physical (restricted access and locks on server, storage and networking cabinets) security. Hopefully, the closets in your facility for cleaning personnel and their tools are separate from where you keep your storage and networking cabling and tools. Physical security includes maintaining a low profile. For example, if yours is the only building with lights on during a heat-wave-induced electrical power blackout, at least turn your outside lights off as well as other lights that can be seen from the outside so as to not draw unwanted attention.
- Logical security includes securing your networks with firewalls and running antispyware and virus-detection programs on servers and network-addressed storage systems. No storage security strategy would be complete without making sure that applications, databases, file systems and server operating systems are secure to prevent unauthorized or disruptive access to your stored data. Implement storage-system-based volume or logical unit number (LUN) mapping and masking as a last line of defense for your stored data.