COMPLIANCE COUNSELOR
Storage security: Enforcing policies and procedures that work
Linda Christie
07.03.2001
Rating: --- (out of 5)
According to the 2001 Top Ten Technology List published by The American Institute of Certified Public Accountants (AICPA), information security and control ranks as the number one concern in the CPA profession. However, Steve Munroe, chief operating officer for Interliant, a global provider of managed application hosting and professional consulting services, says that designing a secure storage architecture alone isn't enough.
"The majority of security breaches occur in-house," Munroe says. "You can architect great technology, but if you have a password problem, or if people are not following procedures, it won't do any good."
To improve the security for your data, Munroe recommends the following:
- Perform routine backups of your operating system, programs, applications and all data files. "Without backups, most businesses never fully recover from data loss," Munroe says. "Tapes should be stored in a fireproof vault with duplicates periodically sent to a secure facility offsite, not to an employee's home."
- Separate your back-up network from main traffic. "Don't back up secured data over a network that everyone else uses," he says. "Restricting access to the back-up network will allow you to more effectively control access to back-up equipment and applications."
- Make sure your back-up equipment, tape library and tapes are kept in a secure area. "The room that houses your back-up server, tape library, and backup tapes should be locked," Munroe says. "Only authorized personnel should be allowed to enter this secured area."
- Make sure that the personnel charged with performing backups are competent. "Train personnel in charge of performing backups to use written procedures that follow good security practices," he says.
- Make sure all locations are using secure backup procedures. "If you have multiple locations, make sure someone at these remote facilities owns and follows back-up and security policies," he says.
- Make sure that your security policies are being used. "Ignoring policies fosters cynicism and the belief that management isn't really concerned about security," Munroe says. "Conduct staff awareness and training programs emphasizing the importance of following backup procedures and maintaining security."
About the author
Linda Christie is a contributing editor based in Tulsa, Oklahoma. She's a regular contributor to the biweekly "Storage Management" newsletter pulished by SearchStorage.com.
For more information, visit these resources:
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
