Integrated security: a holistic approach to data storage security. (Storage Networking).In today's business Today's Business is a show on CNBC that aired in the early morning, 5 to 7AM ET timeslot, hosted by Liz Claman and Bob Sellers, and it was replaced by Wake Up Call on Feb 4, 2002. environment, companies are leaving behind the days of the 9-to5 schedule and entering a 24x7, always-connected business arena. Enterprises are more dependent on their networks for business transactions, external data sharing The ability to share the same data resource with multiple applications or users. It implies that the data are stored in one or more servers in the network and that there is some software locking mechanism that prevents the same set of data from being changed by two people at the same time. and simple day-to-day communications, increasing the need for these networks to be more accessible and operational. As network accessibility becomes easier, so does gaining access to stored critical data. The risk for corruption of stored data is at an all time high; companies face tough challenges ensuring the security of these networks, including limiting access to the appropriate people. For most companies, data stored on the network remains one of the most critical corporate information assets. Data storage concerns have always been a top issue for IT managers, but the unprecedented challenges of today have increased the importance of data storage responsibilities for both IT managers and other senior executives. This uncertainty creates uneasiness and a lack of peace of mind. Companies can no longer view the role of information security as an IT option, but must treat it as a critical business enabler. Factors Leading to Security Concerns The number of email-borne viruses continues to rise each year; presently, malicious code presents a high risk to organizations by infecting and spreading quickly throughout the storage network before detection. At the same time, threats to the network have become increasingly sophisticated, with attack techniques that employ multiple methods to discover and exploit network vulnerabilities. For instance, the viruses, worms and Trojan horses It may never be fully completed or, depending on its its nature, it may be that it can never be completed. However, new and revised entries in the list are always welcome.
Enterprises not only need to worry about older threats such as viruses and worms, but also new "blended threats Using several techniques to attack a computer system or network. After all, why adopt just one method when viruses, worms, Trojans and software vulnerabilities used in clever combinations can help to ensure that more systems are compromised and more people are harmed? See virus, worm, ," such as CodeRed and Nimda. These threats combine the characteristics of viruses, worms, Trojan horses and/or malicious code with server and Internet vulnerabilities to initiate, transmit and spread an attack. By utilizing multiple methods of attack and self-propagation, blended threats can spread rapidly and cause widespread damage. Blended threats are particularly perilous because they are designed to exploit the vulnerabilities of independently deployed and operated security technologies. Attacks from hackers--whether disgruntled dis·grun·tle tr.v. dis·grun·tled, dis·grun·tling, dis·grun·tles To make discontented. [dis- + gruntle, to grumble (from Middle English gruntelen; see employees, contractors or anonymous outsiders--can lead to company downtime The time during which a computer is not functioning due to hardware, operating system or application program failure. , cleanup costs and the often-unrecoverable cost of stolen proprietary data stored on the network. By exploiting security vulnerabilities in an organization's network, hackers can gain access to important network or stored data resources for purposes of removal, duplication or even destruction of proprietary assets. Hackers also are capable of disabling dis·a·ble tr.v. dis·a·bled, dis·a·bling, dis·a·bles 1. To deprive of capability or effectiveness, especially to impair the physical abilities of. 2. Law To render legally disqualified. a single computer or even entire networks using denial-of-service (DoS) attacks. These are explicit hacker A person who writes programs in assembly language or in system-level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes. attempts with the sole intention of keeping legitimate users of a network from using that service and/or disrupting normal business operations Business operations are those activities involved in the running of a business for the purpose of producing value for the stakeholders. Compare business processes. The outcome of business operations is the harvesting of value from assets . Examples of these DoS attacks See denial of service attack. include attempts to "flood" a network, thereby blocking legitimate network traffic, and attempts to disrupt connections between two machines, thus preventing access to services. The Business Impacts of Storage Network Attacks In addition to general network damages, serious business impacts may also result from attacks on storage networks, contributing to the feelings of insecurity and vulnerability among enterprises. The business impact of an attack on a network may be easy-to-quantify, such as interrupted business operations or damage to stored data. On the other hand, the impact of an attack may be difficult to calculate, such as damage to brand equity. Downtime due to an attack results in lost productivity and revenues, and the costs associated with restoring a hacked network can increase the overall financial impact of such an attack. In addition, documents and other stored data can be extremely difficult or impossible to replace. Currently, tense conditions in the intellectual property arena also create concern, as hacking attacks can lead to legal matters involving lost or stolen confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job" steer, tip, wind, hint, lead . Organizations that have become victim to hackers may encounter legal battles or may be forced as defendants or key witness in a lawsuit if proprietary information has been lost. This process not only restricts employee productivity and company cash flow, but also may cause irreparable ir·rep·a·ra·ble adj. Impossible to repair, rectify, or amend: irreparable harm; irreparable damages. [Middle English, from Old French, from Latin damage to a company's reputation, even if exonerated by the courts. Moreover, the loss or theft of stored data can pose serious consequences, even rendering the company's market position untenable. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the "2002 CSI/FBI Computer Crime and Security Survey," the most serious financial losses due to security breaches include theft of proprietary information--26 respondents reported total losses more than $170,000,000. Damage to brand equity can come in many forms, but each is capable of degrading a company's position in the marketplace. For example, if important customer information, such as credit card numbers, phone numbers, addresses, etc., is stored on a company's network and then stolen or publicly displayed, restoring customer confidence may be difficult and even impossible to attain. The Weaknesses in Current Security Solutions With companies placing such high value on stored data as a corporate asset, it is imperative that this data remains safe from corruption. Current security solutions, however, do not adequately protect this data. Multiple point products designed for an isolated task, such as detecting a worm, virus or preventing an intrusion, typically comprise these solutions. Because these products must be purchased, installed, deployed, managed and updated separately, they can be time consuming to install as well as difficult and expensive to manage. IT managers using multiple point products must also address problems related to the lack of interoperability between each of the products. Cross-vendor interoperability issues often allow threats to slip through the cracks, and, due to the lack in protection, compromise security. Even when companies use the same vendor for multiple security products, this issue still remains, because these technologies typically are not designed to integrate and interoperate. Compounding the problem further, when an outbreak occurs, the "fixes" that each vendor provides must be tested and verified across the various technologies. This lengthy process slows response to attacks, potentially increasing the incurred costs. Independent point products also can degrade TO DEGRADE, DEGRADING. To, sink or lower a person in the estimation of the public. 2. As a man's character is of great importance to him, and it is his interest to retain the good opinion of all mankind, when he is a witness, he cannot be compelled to disclose network performance; since the products are not designed to work together, they present a steeper performance hit. The Integrated Security Approach Integrated security is emerging as an effective approach to address the new storage challenges facing the connected business. As a guard against the prevalence and dangers of network attacks, integrated security offers a logical, comprehensive and holistic system addressing the main challenges and opportunities of today's networked enterprises-especially from a storage perspective. This method of defense integrates multiple security technologies, uses the principles of defense in depth, and employs complementary security functions at multiple levels within the IT infrastructure. With this approach, integrated security ensures the safety of stored data and reduces the risk of data corruption Data corruption refers to errors in computer data that occur during transmission or retrieval, introducing unintended changes to the original data. Computer storage and transmission systems use a number of measures to provide data integrity, the lack of errors. . Integrated security systems can integrate with key security technologies including firewalls, intrusion detection See IDS and IPS. , content filtering See Web filtering and parental control software. , virtual private networks (VPNs), vulnerability assessment A Department of Defense, command, or unit-level evaluation (assessment) to determine the vulnerability of a terrorist attack against an installation, unit, exercise, port, ship, residence, facility, or other site. and virus protection. When these technologies combine to work together as part of an integrated solution, the enterprise enjoys complete protection against both simpler and more sophisticated threats, including viruses, worms, Trojan horses, blended threats and hackers. In addition, integrated security uncovers security gaps and suggests improvements, secures connections beyond the perimeter, identifies and eliminates unwanted content traffic, detects unauthorized access, and controls all network traffic by screening the information entering and leaving the network. By adopting a comprehensive strategy that holistically addresses security at each tier of the network-the client, the server and the gateway--organizations can ensure the security of the stored data as well as guarantee that content remains untouched and in its genuine form. Most importantly Adv. 1. most importantly - above and beyond all other consideration; "above all, you must be independent" above all, most especially , an integrated security approach eases cost conscious businesses, by offering the most effective security posture at the optimal cost-benefit ratio Cost-benefit ratio The net present value of an investment divided by the investment's initial cost. Also called the profitability index. , as compared to multiple point product security implementations. During the economic climate downturn and time of insecurity at all levels, integrated security offers users incomparable (mathematics) incomparable - Two elements a, b of a set are incomparable under some relation <= if neither a <= b, nor b <= a. protection without compromising budgetary limits--an invaluable benefit for any corporation. Barry Cioe is senior director of product management at Symantec (Cupertino, Calif) www.symantec.com |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion