Best Practices for Storage Security
by Allan Rocek - Director, Professional & Education Services, Symantec Enterprise Administration - Wednesday, 9 June 2004.
Although types of sensitive data can be quite broad and vary from organization to organization, there are a few key types of information that every business should plan to protect. These include all data related to strategic plans, business operations, and financial data. Damage to or loss of any of this information can result in decreased sales, reduced competitive advantage, and decreased profits for the victimized company.

Companies also need to make sure that their backup, retention and recovery policies comply with industry standards and government regulations when thinking about the security of their storage. Industry guides such as the International Standards Organization (ISO) 17799 and government regulations such as the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and the Sarbanes-Oxley Act help provide a framework for improved corporate governance and controls. Accurately written and enforced, information security policies enable organizations to not only demonstrate their adherence to these critical regulations and standards but also articulate their own.

Combine Backups with Other Security Technologies

Companies should also plan beyond backup storage and use preventative measures to ensure systems are safeguarded. This includes the use of antivirus software, firewalls, and intrusion detection software. Intrusion detection, which acts as an alarm system protecting vulnerable data from both internal and external threats, is vital because it monitors critical files for tampering and checks network traffic for "attack signatures." If an anomaly is detected, an alarm notifies the administrator for further investigation or action. With intrusion detection, if an attack should occur, companies will have early warning to quarantine the threat and their current backup data before damage can be done to critical systems. Also, using products and best practices for integration from the same vendor creates continuity planning, resulting in an easily managed comprehensive solution.

Final Notes

Survival in the modern business world requires strong backup and recovery plans. Companies can no longer sit back and wonder if something will happen, but must plan what to do when something does happen. Disaster recovery needs to be addressed immediately, before disaster strikes. While disaster recovery is unique to each company and its environment, the guidelines mentioned above can serve as a solid foundation. The only way to make sure companies are protected as much as possible before an attack is to integrate security policies with regular and effective backups of their systems and important data. Additionally, they must have a recovery plan in place. Although creating a plan can appear overwhelming, trying to quickly recover from a disaster is nearly impossible without one, and that is something no company can afford.

