As TechTarget’s Storage Decisions conference wrapped up today, I was perusing the conference site and noticed something peculiar about the sessions. There are sessions on backup. There are sessions on disaster recovery. There’s even one on ITIL. But nowhere could I find anything on storage security.
Sure, being a security guy, I’m biased in my approach, but if storage security is not being discussed at such a high-profile conference, where is it being discussed? Well, perhaps there’s some coverage at RSA, CSI, and related security shows, but I wouldn’t think those are the shows where storage admins are hanging out.
My point is, there’s still a disconnect between the perceived risks of storage systems and the actual risks. Based on just the storage-related vulnerabilities in the past 12 months alone (search the word “storage” here), there are obviously some things that should concern any given business. Storage is more than boring old disk drives; it’s applications, operating systems, and firmware that present a relatively broad attack surface on the network. What is your organization doing about it?
Kevin Beaver is an independent information security consultant, keynote speaker, and expert witness with Principle Logic, LLC and a contributor to the IT Watch Blog.