Secure data storage for SMBs -- easy and cheap


Joel Dubin, CISSP, Contributor
09.07.2006


Regulations have made secure storage a necessity for companies of all sizes, including small and medium-sized businesses (SMBs). The demands on stored data can be contradictory: some information has to be readily available for auditors and regulators, while other stored data is high-risk customer information. SMBs are just as liable as larger companies for lost or stolen unprotected data.

For SMBs, this isn't an easy puzzle to solve. The high cost of setting up a storage area network (SAN), or even standalone dedicated file servers for high-volume storage, combined with the complexities of implementing the required encryption, is enough to scare away any SMB with a limited IT hardware budget.

But SMBs do have options for securing storage, even from big vendors that normally sell their products to large enterprises: products that are scaled down, priced right and equipped with manageable encryption that won't require an army of mathematicians and engineers to understand.

There are three steps for securing IT storage at an SMB: planning, choosing the hardware and architecture, and implementing it.

Planning

The planning stage consists of a thorough risk analysis of the data needing to be archived. Usually, such data falls into three broad categories: marketing and sales records; old email; and documents with customer information, details of past transactions or confidential company plans.

Marketing and sales records, if they can't be tied back to individual customers, are often of low risk. Used for projecting long-term sales trends, they don't require as much airtight security as customer information, company plans or transaction details, all of which, if exposed, could put the company at risk. Email is hit or miss. It ranges from the innocuous to the deadly, laden with juicy corporate information that would make an industrial spy salivate.

After categorizing the data, it should be sorted based on risk. High-risk data should never be stored with low-risk data that's on less secure storage. Storage security isn't just about encryption; it's also about strategically putting your data in the right place. Just because something is encrypted, doesn't mean it's secure.

Choosing the right tools

Choosing hardware and architecture can be the most difficult part of the whole process. The number of vendors and range of products is staggering. Large vendors, like EMC Corp., Hewlett-Packard Co., Cisco Systems Inc. and IBM, all have offerings with security features that have been scaled down in response to increased demand from SMBs.

But there are also smaller players catering to the SMB market, like Brocade Communications Systems Inc., Decru Inc., MaXXan Systems Inc. and NeoScale Systems Inc. San Jose, Calif.-based Brocade allows segmenting hardware for different levels of storage, say, based on risk, and uses Fibre Channel SANs to connect servers and storage. It uses Secure Shell Telnet to manage switches and a Web-based interface for administration. Redwood City, Calif.-based Decru offers its own DataFort encryption technology, which encrypts data in transit, without having to install new switches. Both Brocade and Decru are in the $10,000 to $30,000 price range, depending on implementation.

San Jose, Calif.-based MaXXan's CipherMax similarly encrypts data en route and integrates into an existing SAN, even with different types of media, such as tapes or drives. CipherMax is a hardware encryption solution meant to increase performance over software encryption. It also provides a built-in key management system.

CryptoStor from Milpitas, Calif.-based NeoScale is another intriguing product that bills itself as easy to use for smaller storage networks. It provides encryption and centralized management, allows for SAN segregation and separate access management, and is scalable for future growth of your network storage. CryptoStor works with Fibre Channel SANs rather than IP SANs.

Accompanying software for security management of these products includes the SANtegrity Security Suite from McData Corp. in Broomfield, Colo. The suite provides reports on security events and incidents and checks for secure configuration of networks and ports.

When shopping for storage security products, keep the following in mind:

Implementation

Storage security products are part of the communication link between your network and your SAN. The two options for that link are Fibre Channel and IP. Conventional wisdom is that Fibre Channel is faster than IP. The drawback is that it's also more expensive and requires technical expertise that might not be available in-house.

In some cases, the decision may already be made for you, depending on the product you purchase and which option it supports. For an SMB, the cheaper and easier route might be IP. Again, consider this when shopping around, so as not to get locked into something incompatible with your network or SAN.

With careful planning, a strong risk assessment to segregate data and a thorough review of your network needs, securing your storage can be painless and cost-effective.

Joel Dubin, CISSP, is an independent computer security consultant in Chicago. He is a Microsoft MVP in security, specializing in Web and application security, and the author of The Little Black Book of Computer Security, available from Amazon.com.

