Is Encryption Overrated

When the subject of data security comes up, it often begins, and unfortunately ends, with encryption. Indeed, encrypting data is critical, but in most cases, if a hacker or malware program compromises a user or administrator account, that account will more than likely expose all the data to the hacker in the clear. Encryption as a cure-all for data breaches and protection against malware is overrated.

Encryption is the Primary Ingredient of the Security Sandwich

It is necessary to surround data encryption with strong authentication controls and advanced analytics to detect a breach before too much damage occurs. While most of the front-end authentication is the responsibility of network and security teams, the storage team has a role to play. User accounts, for the most part, have limited access to the environment, but these are the accounts on which the network and security teams focus their attention. Superuser accounts, like those used to manage backup, replication and archive processes, are much harder to restrict and can do far more damage if breached. If the storage team can limit the number of superuser accounts it requires, then it can significantly reduce the impact of a breach.

A secure storage system, as we discussed in our recent webinar, “Three Reasons Storage Security is Failing and How to Fix it,” should provide the ability to have a single account provide data protection, data replication, data encryption and data archiving. A storage system with these capabilities could significantly reduce the number of required superuser accounts.

The other side of the security sandwich is analytics. IT needs to live in the reality that, despite best efforts, breaches will occur. Once a breach has occurred, IT’s primary objective is to identify the breach quickly and limit the damage. Analytics, running in real time, can continuously scan for rapid file changes, the placement of executables on user data volumes, and consecutive failed login attempts. Once the system alerts IT to one or more of these situations, IT can stop or eliminate the breach or malware.
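The three signals named above, written as detection logic over a stream of storage audit events. This is an added example, not code from the webinar or from any storage product; the event format, thresholds and extension list are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict, deque

EXEC_EXT = (".exe", ".dll", ".scr", ".bat", ".ps1")  # assumed executable types
MAX_FAILS = 3          # assumed: consecutive failed logins before alerting
BURST, WINDOW = 5, 10  # assumed: 5 file changes by one account within 10 seconds

def analyze(events):
    """Return (alerts, changed). alerts: (time, rule, account, detail) tuples.
    changed: account -> ordered list of modified paths, for targeted restore."""
    alerts, changed = [], defaultdict(list)
    fails = defaultdict(int)     # current run of failed logins per account
    recent = defaultdict(deque)  # timestamps of recent file changes per account
    for t, kind, acct, path in sorted(events):
        if kind == "login_fail":
            fails[acct] += 1
            if fails[acct] == MAX_FAILS:
                alerts.append((t, "failed_logins", acct, f"{MAX_FAILS} in a row"))
        elif kind == "login_ok":
            fails[acct] = 0  # a success breaks the consecutive run
        elif kind in ("create", "write"):
            if path not in changed[acct]:
                changed[acct].append(path)
            if kind == "create" and path.lower().endswith(EXEC_EXT):
                alerts.append((t, "executable_on_data_volume", acct, path))
            q = recent[acct]
            q.append(t)
            while q[0] <= t - WINDOW:  # drop changes that fell out of the window
                q.popleft()
            if len(q) == BURST:
                alerts.append((t, "rapid_file_changes", acct,
                               f"{BURST} changes in {WINDOW}s"))
    return alerts, dict(changed)

# Constructed events: (seconds, kind, account, path). A superuser account is
# guessed, then drops an executable and rewrites user files in quick succession.
EVENTS = (
    [(t, "login_fail", "backup_admin", "") for t in (0, 2, 4)]
    + [(5, "login_ok", "backup_admin", ""),
       (8, "write", "alice", "/vol/users/alice/notes.txt"),
       (20, "create", "backup_admin", "/vol/users/shared/svc_update.exe")]
    + [(21 + i, "write", "backup_admin", f"/vol/users/alice/doc{i}.docx")
       for i in range(5)]
)

if __name__ == "__main__":
    alerts, changed = analyze(EVENTS)
    for alert in alerts:
        print(alert)
    print("restore candidates:", changed["backup_admin"])
```

The per-account list of changed paths is what lets a restore target only the affected files instead of rolling back a whole volume.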

Analytics and reporting also help with recovery. The reporting function should show which files have changed. IT can then use the storage system’s protection capabilities, like snapshots, to restore just the infected file. Again, to learn more about why analytics is critical to delivering a completely secure storage system, watch our on demand webinar “Three Reasons Storage Security is Failing and How to Fix it.”

StorageSwiss Take

There is no security silver bullet. Securing an organization’s data requires a multi-layer approach. Often overlooked, though, is the role of the storage system itself. If vendors deliver security capabilities integrated into their systems, then organizations are empowered to secure their data and recover from data breaches or malware.

To learn more about designing a cyber-secure storage system, watch our on demand webinar “Three Reasons Storage Security is Failing and How to Fix it.” Attendees of the webinar can download an exclusive copy of our latest eBook “Designing Storage for Cyber-Security” in the attachments section.

Twelve years ago George Crump founded Storage Switzerland with one simple goal: to educate IT professionals about all aspects of data center storage. He is the primary contributor to Storage Switzerland and is a heavily sought-after public speaker. With over 25 years of experience designing storage solutions for data centers across the US, he has seen the birth of such technologies as RAID, NAS and SAN, Virtualization, Cloud and Enterprise Flash. Prior to founding Storage Switzerland he was CTO at one of the nation's largest storage integrators, where he was in charge of technology testing, integration and product selection.
