InfoWeek reporting on The451's assessment of SAN security. They cite, in part, the complexity of the SANs that's causing the problem.
This underscores a refrain that most people who've heard me speak on security have heard before: "There's no business without security." No matter what the business need, be it storage, collaboration, knowledge management, etc- it has to be secure to be reliable and run properly for the business. Security on the edge isn't enough. Companies that say, "we're secure- we've got a firewall and use SSL on our web site" don't get it.
Security is the foundation of business, more correctly- risk management is. SAN needs to be secured and so does every other facet of the organization. From the way people are trained, to the way data is managed, to every line of code in the applications used. Until businesses accept this fact, and act on it, stories like this "Ooops, SAN isn't secure" article are going to continue to appear and unexpected vulnerabilities will plague enterprises in a costly way.
Posted by Diana at May 19, 2003 07:18 AM