click to visit StorageSearch.com home page
leading the way to the new storage frontier .....
military storage directory and news
military SSDs ..
SSD news
SSD news ..
Disk Sanitizers
Disk Sanitizers ..
Fast Purge flash SSDs directory & articles
fast purge SSDs ..
Data Recovery
Data Recovery ..
.....

View from the Hill - Storage Security

by Zsolt Kerekes - editor - StorageSearch.com - September 16, 2003

Storage Security covers a wide area of products, services and applications and has meant different things at different times.

In the late 1980's I noticed that my defense and intelligence customers would, whenever they left their offices, unplug the removable disk shuttles from their workstations and lock them in solid filing cabinets which were built like safes with two heavy duty padlocks. Since there were armed guards on the gates going into those establishments, and electrified fences I knew they weren't worried about burglars. I remember joking once to a customer at GCHQ (that's the UK equivalent of the NSA - if you're not familiar with Tom Clancy settings) that my own insurance company insisted on having window locks on all the ground floor windows of my house and that they didn't seem to have any... surely a weak point since anyone could just hop in.

I too, took physical security seriously, but I wasn't worried that anyone would be interested in stealing our obscure software and schematics. As a Sun oem and VAR I decided that we wouldn't use the low cost pizza box disk storage which became fashionable at that time. Sun's ads used to claim that you could now store all your company data and run your applications on these little boxes. This exaggeration was designed to show the contrast between the speedy little SPARCstation 2 servers which were three times faster than the older VAX minicomputers which cost ten times as much and needed air conditioned computer rooms.

After seeing how our office cleaners used to move around the stuff on people's desks when they were dusting, I got worried that one night all our data might just end up falling off a desk, crashing the disks. One of my engineers used to have about seven monitors connected to the different systems he was working on, and his desks used to get wobbly enough without any external help. So I decided that my form of physical security would be to use one of our production VME based SPARC servers as the R & D data store. This sat on the floor and was a two man lift. You could hit it with a hammer without doing any harm. Our VME crates had been type tested for RFI and physical vibration immunity by the electricity generating company who used them as high speed dataloggers when testing large electrical spikes across the national grid. So although it cost more than the pizza boxes, I didn't have to worry about minor physical accidents.

We even found, one morning, that the system had protected our data against a small fire which filled our offices with smoke, luckily when no one was there. That was an added bonus.

In today's computing environment, every company is under threat every second of every day. Not only do you have to block out malicious viruses which come down the wires in your email, but terrorists and criminals probe and attack every internet connected server so they can steal computing resources for sending out junk email, or steal your credit card data or shut down your web site. Recently a company that my wife consults for as a marketer, was upgrading their database and operating system. In the ten minutes or so that their system was running without a new firewall, every PC and server was trashed by viruses in both their sites. It took days to restore operation. The upgrade was being done by an IT services company.

The role of data security products is to protect against external and internal threats to your data integrity, while not impeding the smooth flow of legitimate information flows throughout your organization. Managing storage security is very complicated task because it involves actions at so many different levels. Some security service companies can audit your current networks and recommend how you can fix vulnerabilities. A marketing manager in one of those storage security companies told me recently that no one likes to admit that they have security problems, but even security conscious companies like banks are vulnerable. There have been several well publicised occasions when online banks and other major financial institutions have had security lapses which exposed all their customer details to anyone who wanted to take a look.

No single product can fix all the problems and hazards created by networked storage. A good approach is to go back and look at what works for physical security like my old customers in the defense world.

Outside you have the signs warning unauthorized people to keep away. On the approach road you have the concrete pillars to deter suicide ram raids by trucks laden with explosive. At the perimeter you have the barbed wire fences and the armed guards at the gate. Overhead you have constant helicopter patrols, and inside the perimeter you have surveillance by cameras, listening devices and foot patrols. And if an intruder gets that far, he may still be deterred when he discovers that what he wants is in a locked room. Inside that room is a locked steel case. And the data is inside the case. And just to make sure it's all encrypted.

Inside that data there are fake entries (just as in commercial mailing lists) so that if the data is ever used, there's a chance that the use can be detected and the user traced.

That's the kind of security you need. And just to be sure, you have a real time off site backup which can restore your data in case of fire, chlorine gas leak or flood.

Not much to ask really, is it?

See also:- Storage Security, Disk and tape sanitizers, SPARC history, storage history
STORAGE Security
Security on
StorageSearch.com


SSD ad - click for more info






If you're seriously interested in data security in SSDs you'll already know that encryption is simply a promise to delay access to secured data rather than a guarantee that it will remain denied to those who shouldn't see it.
Foremay fires patent warning shot re flash destruct











These scams rarely get trapped by spam filters... More importantly, the attacker is going to the trouble of understanding the various relationships within the targeted company.
Criminals Use CEO Emails to Target Companies











An ever present tension in SSD designs has always been - that making one thing better - can result in something else inevitably getting worse.
hold up capacitors in 2.5" military SSDs

storage search banner

Solid State Disk Manufacturers STORAGEsearch SPARC Product Directory ACSL - the publisher