When you hear the word “storage,” what typically comes to mind? Likely NAS, SANs, DAS, data centers and so on, right? Well, there’s another component to storage that tends to get overlooked…at least in the context of oversight, security, and compliance. That is: mobile storage. From smartphones to external hard drives to iPads and beyond, there’s easily as much storage capacity on your business’s mobile systems as there is in the traditional storage environment. That’s a big deal.
So how are you keeping that storage environment under wraps? Management will often proclaim,“We have a policy against placing sensitive information on mobile devices,” and go on to say, “We trust our users to do the right thing.” This is all fine and dandy on paper but in reality, there’s a lot of risk any given business is bearing due to unprotected – or underprotected – mobile storage. If I were a betting man – and I am – I’d venture to say that 95% of all storage-related risks is in your user’s hands, literally.
Keep this in mind when securing your storage systems; there’s a big payoff to be had if you do. Otherwise, when someone – such as a business partner, auditor, regulator, or opposing legal counsel – asks you if your storage environment is secure, what can you truthfully say?
For further reading, check out the pieces I’ve written for TechTarget on mobile storage security.
I’m in the middle of writing a whitepaper on data protection for CSOs, and it occurred to me just how often storage systems are overlooked in security testing. The typical security assessment involves servers, workstations, mobile devices, databases, Web applications, WiFi, and network infrastructure systems. You rarely see/hear anyone scoping storage systems in particular. Why is this? Do people just assume that they’re secure because they’re on a hardware appliance or they paid a gagillion dollars for them and surely someone thought about security along the way?
The reality is, if it has an on/off switch and an IP address, it’s fair game on the network. Not only do high-end NAS and SAN storage systems meet these criteria, but they also have other attack surfaces – especially Web interfaces – that make them that much more susceptible to attack. Unfortunately, such IPs and URLs may or may not be tested during any given internal vulnerability assessment depending on the scope and how deep the tester looks.
Whether you do it yourself or hire an independent information security consultant, when it comes time to scope your next security assessment, be sure to include your storage environment. If you don’t find the weaknesses, surely a bored or malicious insider will. Better to be proactive for something so critical to your business.
It’s a dark day for networking professionals, particularly the Cisco fans in their ranks: Apple’s iOS 4 will make their lives harder in more ways than one, but Cisco itself doesn’t seem to care.
While millions of gadgeteers worldwide oohed and ahead at the iPhone and iPad’s latest features, including video calling and better ads, networking professionals groaned because finding information about their bread and better, Cisco’s ubiquitous router and switch operating system IOS, just got harder.
As if it wasn’t bad enough that the iPhone and iPad are both notorious for causing trouble on campus networks, now Cisco fans face sifting through Apple-related information when trying to troubleshoot their hardware or just keep up on the latest news.
At first, many (including myself) though this might be a swipe by Apple at Cisco after the latter tried enforcing its iPhone trademark when Apple first launched their mobile device line. This time, however, Cisco did it all legal like, licensing rights to the term “iOS” from Cisco.
Looks like Cisco fans better brush up on their advanced search queries if they want to stay ahead of the Apple fanboys and girls.
The power of electricity has been long known, but only in recent years, with a focus on both being greener and saving money, that power management has again taking a high priority among large organizations. This guest post from Pam Seale, product marketing manager with Absolute Software, goes into some critical steps to keeping power consumption in line.
Few organizations will argue the value of power management policies. Not only is energy conservation an important part of environmental stewardship, but by defining when inactive computers switch to a lower power setting or turn off, organizations can easily reduce costs and please the bottom line.
It seems, however, that even fewer organizations are certain how to implement power management policies that both make sense for their work environment and are easily enforceable. So what are some of the key things to keep in mind when designing a power management policy?
Understand your current power reality. To find out where efficiencies can occur and to establish a benchmark to measure success, you need to know how much power your computers are currently consuming. The fastest way to collect this information is via a power management product-typically an installed agent that reports detailed metrics on energy use for each device and the overall fleet. You can also enlist the help of a power management ROI calculator to determine how much you can potentially save.
Note policy metric considerations.
- Work habits of internal teams: Power management schedules should be flexible to account for various users’ work hours; management products should allow you to define groups to which unique metrics can be applied.
- Power source settings: A battery-powered computer should probably be set to power down or hibernate after a shorter duration of inactivity than a device that is plugged into the wall. Power management policies should acknowledge this.
- Flexible actions: To accommodate diverse users, power management actions should be flexible-log out, hibernate, sleep modes, shut down, etc. Action triggers-how long a device must be inactive to activate them-should be equally accommodating.
Refine results. Power management tools should allow you to examine both current and historical power use, power on time, etc. Comparing these metrics will reveal where greater efficiency can be achieved.
Take advantage of rebates. Government and provider rebates, grants and subsidies are available to organizations that implement computer power management policies, and can cover some or all of the costs of your power management tools.
With the right tools in place and a basic understanding of your organization’s power use, power management policies need not be a daunting task. There are a number of products available today to help simplify the design and management of your power policies-it’s simply a matter of finding which solution supports the above capabilities and best fits your organization’s needs.
For more information on power management policies, and to learn about the power management capabilities of Absolute Manage – a cross-platform computer lifecycle management tool by Absolute Software – visit www.absolute.com/power or view the Absolute Software blog.
Even if your company was immune to being wiped out by a natural disaster, you’ve only thwarted about one percent of the threats against your data. Don’t get caught in the lurch when freak—or not so freak—accidents strike; back it up. For the ins, outs, pros, cons—and other short, plural words—of storage best practices, check out these blogs:
- StorageRap: Marc Farley is an author and blogger, covering topics such as storage networking, technology, applications and markets.
- Storagezilla: Mark Twomey is zero parts lizard and all parts EMC whiz. This is his personal blog, however, and EMC is in no way involved with what he blogs about.
- The Storage Anarchist: Another chip off the EMC block, Barry Burke shares his personal politics regarding all things storage.
- Storage Soup: The editors at SearchStorage.com bring you a “lighthearted review of the latest industry chatter, trends and products in the storage arena.” Bon appétit!
- Pack Rat: Stephen Foskett is a self-proclaimed pack rat—in his personal life. Professionally, he’s a vendor-independent storage consultant.
- The Storage Alchemist: Storage technology industry leader Steve Kenniston blogs about his experiences in the storage community.
- The Storage Effect: Seagate’s blog dedicated specifically to all things storage.
- Online Storage Optimization: Carter George, co-founder of Ocarina Networks, provides industry commentary and info on Ocarina’s “unique storage optimization technology.”
- Chuck’s Blog: An EMC insider himself, Chuck Hollis blogs on all things technology including, you guessed it, storage.
- StorageMojo: The founder of TechnoQWAN LLC, Robin Harris also blogs at his ZDnet blog, Storage Bits.
According to Friday’s IDC Worldwide Quarterly Disk Storage Systems Tracker as reported by IT News’ Lucas Mearian, external disk storage sales experienced a year-over-year growth of 17.1 percent, with $5 billion in revenue in Q1 of 2010. The disk storage systems market had a revenue of $6.7 billion—an 18.8 percent growth—shipping 3,397 petabytes of capacity, up 55.2 percent.
For a bit of perspective, this comes after a 4 percent drop in sales last quarter for external disk storage systems.
IDC analyst Steve Scully seems hopeful that this is indicative of what’s to come, that “people are looking to increase their IT spend,” but it’s too soon to tell.
The NAS market is the star of this story as companies attempt to manage the exponential growth of unstructured data. The other Cinderella is NetApp, whose products for unified storage helped them pull ahead from fourth to a tie for second place in revenue share with IBM after a 47 percent growth.
A Whole Bunch of Numbers
EMC leads the NAS market with 45.1 percent revenue share; NetApp trails right behind with 26.9 percent. The iSCSI SAN market experienced a revenue growth of 45.7 percent; Dell’s at the forefront with 36.9 percent and NetApp next with 14.4 percent.
The whole networked disk storage market is up 26.3 percent with EMC up front with 28.7 percent revenue share, followed by, you guessed it, NetApp with 13.7 revenue share.
Despite Scully’s hesitant optimism, these numbers hint that storage solutions’ increased priority means increased IT budgets and spending overall.
What are you and your company allocating to solutions for storage in 2010? What are your predictions for the key players in storage solutions for the remaining quarters?
Like those houses on reality TV, packed to the ceiling with years’ worth of accumulated trash and newspapers, your data center’s filled to the brim. Except instead of disposables, you need solutions to deal with computer and storage systems. Valuable stuff. You probably don’t want some cow grazing—let alone relieving herself—nearby. Well, not so fast.
Despite the industry’s attempt to catch up with data storage and cooling, across-the-board efficiency is ranked right up there with the Tooth Fairy. Not gonna happen. Not all solutions are magical thinking, however, as HP’s most recent research has revealed. Can cow manure catapult your data center into a self-sufficient, powered and cooled machine? Looks like it.
The HP research team recently unveiled a paper that explores the sustainability of converting waste from dairy farms and cattle feedlots into electricity to power and cool energy-hungry computer data centers. The massive heat output generated by the data centers is in turn reused to break down the biomass, creating a self-sufficient system.
Sound like a bunch of BS? (Sorry, I couldn’t help myself.) HP Lab’s “Design of Farm Waste-Driven Supply Side Infrastructure for Data Centers” [PDF] cites the “design and operation of data center infrastructure [as] one of the primary challenges facing IT organizations and economies alike.” Set aside the benefits for data centers worldwide—it seems to be the perfect symbiotic relationship of solutions. The food industry is always under fire for its wasteful and sometimes questionable practices, with vegetarians citing that “methane is 21 times more damaging than carbon dioxide” as a reason to quit meat. With this new research, IT pros, farmers and meat eaters alike can celebrate this unlikely new partnership. Continued »
Every time I’m around tech-savvy lawyers, there’s one topic that seems to draw more smiles and gleaming teeth than any other: Digital storage and the costs, compliance and complexity around it.
Data backup and recovery is difficult enough, but what really gets their chops gleaming is data discovery, also called e-discovery, which generally relies on a second set of data backups. As SearchDataBackup’s W. Curtis Preston explains:
Basically the purpose of a data archive is not going to be met by a backup app. If someone asks you for specific emails, you’re not going to be able to go to your backup system and ask that question. For example, let’s say you have a full backup of Exchange every week for the last seven years. Then someone comes to you and says, “I want all of these emails with this word in them.” What you’re going to need if you want to extract this information with a backup application is restore the entire Exchange server and then extract out of that Exchange server the files that you need from seven years ago. Then you’re going to need to restore Exchange again to seven years ago minus a week, and do that all over again and over again, and in this case, roughly 150 times. Then you’re going to have to extract from it what you need. So doing satisfying archive requests with data backup and recovery software is something you’ll only do once. You’ll try it and then say to yourself, “We should have used archive software to satisfy this requirement.”
So not only is all your data being stored 4 or more times over on RAID disks, storage professionals need to coordinate with legal and compliance teams to make sure that the archival systems are up-to-date and ready-to-go, and they’re rarely either, out of the box. That means it’s a very good thing that storage prices have been shrinking over the years: As a study by IDG predicts, data production is booming, with an estimated 988 Exabytes of data being created this year. That means planning not only for the raw costs of storage but the expertise to make sure it satisfies all of the growing tasks our storage is called upon to perform. You can rest assured there is plenty of that earmarked to keep those lawyers well fed for years to come.
Michael Morisy is the community editor for ITKnowledgeExchange and formerly the news writer for SearchNetworking and SearchTelecom. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.
A couple of days ago, the IT watch blog revealed its “Cream of the Twitter Crop: Storage Edition.” Of course, we’re just one entity, so we’re always looking for feedback and suggestions. Well, we got it! Thanks to everyone for their retweets, suggestions and participation; it is much appreciated. Here’s what some of our members and Twitter followers had to add:
- AceSage: He blogs over at Storage Sanity and tweets about storage, virtualization and the cloud.
- nigelpoulton: He “dives deep” into IT topics such as storage, data centers and I/O virtualization over at NigelPoulton.com.
- storagebod: Storage Manager and blogger over at Storagebod.typepad.com.
- SFoskett: Stephen Foskett focuses mainly on data storage, virtualization, the business side of IT, and “understanding the accumulation of data” over at his blog, Pack Rat.
- HPStorageGuy: Calvin Zito has been in IT for over 25 years, and his expertise in data storage inspired him to send us some feedback as well.
Sometimes it’s hard to tell which straw will break the camel’s back. It’s not so difficult with Google. Their last straw? Chinese hackers. Remember back in January when Google announced it’d be pulling out of China and moving into Hong Kong? That was a reaction to a serious information breach, as reported at IT news: “Chinese hackers had broken into [Google’s] network and stolen confidential information.”
Google’s response? According to the Financial Times, Google has decided to replace internal use of Windows OS, offering Mac OS for Apple users and Linux for PC users instead. The forthcoming Chrome OS will soon be an option. Though the policy requires Googlites who want to use a Windows machine to receive approval from the CIO, the unnamed Google employees interviewed by the Financial Times cited the changeover as “semi-formal.”
Despite the Hyraq Trojan’s taking advantage of IE 6’s vulnerability and gaining access to Google PCs and Gmail accounts, Microsoft stood up for its OS and security measures.
Spokesperson Brandon LeBlanc in the Windows blog:
When it comes to security, even hackers admit we’re doing a better job making our products more secure than anyone else….third party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others.
Microsoft has taken a few hits lately—losing the most recent patent battles and being overshadowed by Apple as the most valuable technology company. With Microsoft’s recent revamp of Hotmail, the two companies’ rivalry has increased. Will this further serve to isolate Microsoft in the consumer and enterprise markets? What steps do you think Microsoft should take (other than writing an articulate blog post, of course)?