Best Practices for Storage Security
by Allan Rocek - Director, Professional & Education Services, Symantec Enterprise Administration - Wednesday, 9 June 2004.
Although types of sensitive data can be quite broad and vary from organization to organization, there are a few key types of information that every business should plan to protect. These include all data related to strategic plans, business operations, and financial data. Damage to or loss of any of this information can result in decreased sales, reduced competitive advantage, and decreased profits for the victimized company.

Companies also need to make sure that their backup, retention and recovery policies comply with industry standards and government regulations when thinking about the security of their storage. Industry guides such as the International Standards Organization (ISO) 17799 and government regulations such as the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and the Sarbanes-Oxley Act help provide a framework for improved corporate governance and controls. Accurately written and enforced, information security policies enable organizations to not only demonstrate their adherence with these critical regulations and standards but also articulate their own.

Combine Backups with Other Security Technologies

Companies also should plan beyond back up storage and use preventative measures to ensure systems are safe guarded. This includes the use of antivirus software, firewalls, and intrusion detection software. Intrusion detection, which acts as an alarm system protecting vulnerable data from both internal and external threats is vital because it monitors critical files for tampering and checks network traffic for "attack signatures." If an anomaly is detected, an alarm notifies the administrator for further investigation or action. With intrusion detection, if an attack should occur, companies will have early warning to quarantine the threat and their current backup data, before damage can be done to critical systems. Also, using products and best practices for integration from the same vendor creates continuity planning, resulting in an easily managed comprehensive solution.

Final Notes

Survival in the modern business world requires strong backup and recovery plans. Companies can no longer sit back and wonder if something will happen, but must plan what to do when something does happen. Disaster recovery needs to be addressed immediately before disaster strikes. While disaster recovery is unique to each company and its environment, the guidelines mentioned above can serve as a solid foundation. The only way to make sure companies are protected as much as possible before an attack is to integrate security policies with regular and effective backups of their systems and important data. Additionally, they must have a recovery plan in place. Although creating a plan can appear overwhelming, trying to quickly recover from a disaster is near impossible without one—and that is something no company can afford.

Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //