November 11, 2005

Data Security Broadly Defined

Lately NetApp has been talking a lot about data security. That's a natural follow-on to our Decru acquisition, but data security is much broader than Decru. In fact, it is broader than NetApp, because any comprehensive solution requires components from multiple vendors.

No single approach can secure your data. The threats are too diverse. Comprehensive security requires solutions in three key areas: Perimeter Security, People Security and Data Security.

Of course NetApp has products in all three categories, but rather than digging into that, I'd like to step back and look at the bigger picture. What do these three areas involve, and how do they fit together?

Perimeter Security

    Perimeter security is all about keeping bad guys out of your data center with technology like firewalls, anti-virus and web filtering.

    Folks who are really paranoid talk about air gap security (physically isolated networks), and TEMPEST security (protection against electromagnetic leakage). These are spook issues, but in normal business environments perimeter security is mostly about networking equipment and tools to process the data that flows through network protocols.

People Security (Authentication, Authorization and Auditing or AAA)

    People security is all about "Joe":

    • Authentication: Is this really Joe? Yes, that's his password or thumbprint.
    • Authorization: What is Joe allowed to do? He's a backup admin with access to all data.
    • Auditing: What has Joe done lately? Last Sunday he did a full backup.

    One hot topic in authentication today is using biometric data like thumbprints. I understand that some biometric systems will continue to recognize a severed thumb for up to 24 hours, if it is kept properly moist.

Data Integrity (protecting data at rest)

    Data integrity is about protecting data at rest on disks and tapes - keeping data safe, keeping it secret, and ensuring that you can delete it when you need to. The key technologies are replication (to ensure access) and encryption (to ensure secrecy and deletion).

    One reason data security is hard is that so many people have legitimate access to disks and tapes - everyone from the backup administrator, to the janitor in the data center, to the UPS person who delivers the tapes to Iron Mountain, to the clerk at Iron Mountain who stores the tape in the warehouse.

The key point is that without solutions in all three areas, your data isn't safe. Perimeter security is a great start, but doesn't protect against insiders. Encryption doesn't help if the wrong people are authorized to get the keys.

A big problem in data security today is that most people take too narrow a view. We need to broaden our customers' thinking, not just about NetApp's own solutions, but to help them understand solutions from folks like Symantec, Microsoft, Cisco, CA, McAfee, Trend Micro, WebWasher, Acopia, Juniper, Neopath, Websense, and so on.

© NetApp, Inc.