What Storage Managers Need To Know About Security

Transcription

1 What Storage Managers Need To Know About Jon Oltsik Senior Analyst Enterprise Strategy Group in the mainstream Britney Spears: Singing, Sex, and Richard Clarke: Homeland, Shmomeland: Hot White House Stories Agenda Trends Storage Current Issues Future Considerations

2 Audience Response: Please raise your hand Over the next few years, information security will: A. Get more attention throughout my organization B. Get the same attention that it does today C. Get less attention than today D. Don t know E. Hey, go back to the picture of Brittany Spears, stupid! Trends First the good news Now, the bad news Incidents UP Budgets Up Vulnerabilities Down What s Driving? Regulatory Compliance Liabilities Threats New Technologies Internet Business Opportunities

3 CISO Priorities Put Out The Fires Align With The Business Integrate Into The Corporate Culture Architectural Changes Firewall VPN IDS Internet Internal Network Anti-Virus 2000 Firewall VPN Anti-virus IDS/IPS Content (Spam, URL, IM P2P, spyware, adware) Application security Honeypot Internet 2006 Internal Network Packet filtering VLAN ACL Anti-virus IDS/IPS Application security Firewall Network behavior monitoring End-point security Vulnerability Scanning Patch Management... Audience Response: Please raise your hand I believe that storage security is an issue that: A. Impacts the business B. Impacts IT but not the business C. Impacts the storage group but not IT or the business D. Don t know E. Hey, go back to the picture of Brittany Spears, stupid!

4 Which of the following factors would most likely influence your company s decision to purchase storage security products (choose all that apply): Regulatory Compliance 57% Auditor's Recommendation 56% Adherence to security policy 48% Reaction to security event 46% Don't Know 4% Other 2% Has your company experienced a storage security breach? We can't tell if we have a breach or not 8% Don't know 12% Yes 7% No 73% Storage Vulnerabilities Storage Management 1. Management Interfaces Server/HBA 2. Weak Authentication SAN Fabric 3. Fabric Configuration Storage IP Storage 5. IP Storage Exposed 4. Data in Cleartext

5 I believe my company is most vulnterable to a storage security breach through: Technical flaw 11% Don't know 10% A deliberat e attack by an employee 42% Human error/ Mis-configuration 33% An attack by an outsider 4% Storage Strategy Adopt Policies and Training Physical Storage Risk Analysis Employees Policies Storage Technology Harden All Storage Management Interfaces Purchase Secure Fabrics Monitor Impending Standards Investigate Storage Technologies Utilize IP MAKE YOUR VENDORS WORK!!!

6 What approaches do you believe your company will take to improve the security of your storage infrastructure? No plans 5% Improve policies and procedures 44% Don't know 5% Buy new storagespecific security products 12% Look to add security features from existing storage products 34% I believe my storage vendors' commitment to security is: Don't Know 11% Weak 7% Marginal 39% Strong 43% Future Considerations ILM More intelligence, data movement, geographical distribution More security headaches! IP Storage Shared infrastructure IP security issues More security headaches!

7 Summary Elevated status with business and IT More money, more focus Storage FC SANs introduce lots of vulnerabilities Solution: Policies, Organization, Technologies Future Directions Demand Storage Knowledge, Architecture, Cooperation Thank you. Questions? Jon Oltsik Senior Analyst Enterprise Strategy Group Mr. Oltsik is unable to attend the Ask-the-Experts booth. Please send additional questions to