Securing Storage
Like securing networks, securing storage involves logical and physical approaches.
Given that there are different types of storage devices, systems, and media to support
various applications and usage, from high-performance on-line to low-cost removable,
multiple approaches are needed. Protecting the endpoints—on one side, the applica-
tions and servers (virtual and physical) that access storage and on the other end, the
storage itself—is part of the solution. Also involved is protecting the network on a local
and a remote basis, as discussed in the previous section.
In general, techniques for protecting data on storage include physical safeguards,
protecting access to storage systems, and monitoring fixed or removable media.
Removable media include hard disk drives, FLASH solid-state devices, and magnetic
tape. Other forms of removable media include CDs, DVDs, and other forms of opti-
cal media. Also included in removable media are USB FLASH thumb drives, PDAs,
iPhones, Droids, and laptops.
One way of safeguarding data is to make sure that once it is written to a storage
medium, it is in the correct format and readable as part of basic data integrity checks.
Another form of preserving data is in storage media or systems that support Write
Once Read Many (WORM), to ensure that data does not get changed or altered as
part of securing it. Since storage can be accessed via block LUNs, devices, partitions,
or volumes, a means of protecting access in shared or multitenant environment is LUN
or volume mapping and masking.
With LUN or volume masking, only authorized servers are allowed to see the SCSI
target when using a shared Fibre Channel or iSCSI SAN. LUN or volume mapping
complements the masking or hiding process by enabling the different servers who see
only their own storage to view an address as being unique to them. For example, if
there are six servers, each accessing its own storage volume or LUN, with masking they
would not see each other’s storage in a shared environment. Similarly, with mapping,
the LUN presented to each server could be numbered 1 to meet operating system
requirements, yet each LUN 1 would be unique.
�Removable Media Security
Some organizations are exploring virtual desktop solutions as a means of moving away
from potential desktop data exposure and vulnerabilities. Many organizations are rac-
ing to encrypt laptops as well as desktops. Some organizations limit Universal Serial
Bus (USB) ports for printer use only. Some organizations are also beefing up audit trails
and logs to track what data was moved and copied where, when, and by whom. USB
devices are seen as valuable tools, even given all of their risks, to be able to move and
distribute data where networks don’t exist or are not practical.
An evolving dimension to protecting data and securing virtual data centers is
distributed remote offices and traveling or telecommuting workers who occupy vir-
tual offices. The threat risks can be the same as for a primary traditional data center
as well as others including loss or theft of laptops, workstations, PDAs, or USB
thumb drives containing sensitive information. When it comes to security, virtual
data centers require multiple levels of logical and physical security across different
technology domains.
In addition to tape and optical media, another form of removable media includes
various forms of FLASH SSDs ranging from thumb drives to PDAs, tablets- or
high capacity devices. Removable hard disk drives (RHDDs), more common back
in the 1970s and 1980s, have also reappeared. I myself utilize RHDDs for archiving
and stor- ing certain backups offsite in a secure safe. I also use cloud-based backup
services in addition to local disk-to-disk (D2D) backups.
While lost tapes make the headlines, research indicates that there are, in fact, fewer
actual tapes that go missing each year even though there are more reports. What this
means is that in the past tapes were not reported missing if they were lost or stolen;
however, given current regulations, the increased reporting can make it seem more
common. What should be of concern are how many laptops, notebooks, PDAs, cell
phones, or USB thumb drives get lost or stolen per month. Are these devices any less of
a risk than a lost tape or disk drive? That depends, of course, on what data is stored on
the missing device, but it is important to protect the data to be safe as well as to meet
applicable compliance regulations.
