Storage security largely ignored and at risk
Storage security largely ignored and at risk
Nov 04, 2004: While information security gains corporate attention, storage security is often overlooked and vulnerable to attack, according to recent research from the Enterprise Strategy Group (ESG).
The report, which is based upon surveys of 388 storage and 128 security professionals from organisations with revenues of $50 million to over $5 billion, concludes that storage security remains exposed and outside mainstream security activities. This conclusion is supported by the fact that 30 percent of storage professionals who took part in the survey said that organisational security policies and procedures do not include storage technologies.
"Just because storage sits behind firewalls, networks, and servers doesn’t mean it is safe," argues Jon Oltsik, senior analyst at ESG and author of the report. "This type of thinking is not only outdated, it is also dangerous. Most companies now have vulnerable storage networks that are accessible to many employees and can be managed over the Internet. A malevolent individual with the right skills could easily interrupt business operations or steal intellectual property resulting in millions of dollars of damage from a single event. Clearly, changes are warranted."
The report also found that 7 percent of the organisations polled have experienced a storage security breach, while an additional 20 percent didn’t know or couldn’t tell if they'd had a storage security breach. Furthermore, security breaches were widespread, impacting firms of all sizes regardless of their overall security commitments.
"In the security world, a 1-2 percent risk is unacceptable, so we were shocked to see such a high percentage of known storage security breaches. This is clearly one of those dirty little secrets that IT departments and storage vendors would love to sweep under the rug. Unfortunately, doing so could be costly mistake."
Related Article: