Data Security: None of Your Business?

Is it a direct-attached storage issue or a security issue? Is it something you think the IT security staff is tracking, or have the storage admins jumped all over this like Olympic decathletes?

Im talking about portable devices that run the gamut from iPods to USB and PCMCIA devices, digital cameras, and DVD drives. You’ve seen the ads for what are essentially highly mobile hard drives – "Take your desktop with you!” – or the contents of the enterprise’s customer database, or the spreadsheets from last quarter’s financials.

And the price of these things needn’t be a barrier to malice or negligence. While cheapskates like me are loath to pony up $300 for the non-Nano iPods, a 2-gigabyte USB drive can be had for well under $200.

Data theft – or, more benignly, data loss – is not a new phenomenon. Yes, I know that some of these flash-drive devices offer the strongest encryption available or that they come equipped with dual-factor authentication, in the event of loss.

But that’s loss (or theft) outside the enterprise.Inside, your server log files can be set to flag big copying jobs above certain thresholds. Auditing tools can track user behavior, workgroup to workgroup, desktop to desktop.

In this vein, I was intrigued by a newswire item about a piece of software from SmartLine. (See SmartLine Intros DeviceLock.) Its DeviceLock product scans the network and generates a report about all the USB, PCMCIA, and FireWire devices it finds. It can then be set to track specific desktops and spit out the awful truth in spreadsheet form.

In an era when ID theft is on the upswing and backup tapes are falling out of delivery vans, we know that data security is everybody’s responsibility. But is it your job? Are you specifically tasked with locking down databases and desktops from negligence or e-vandalism? Does the lead IT security person meet regularly with storage and backup staff?

We’re curious how you handle this technical/political hot potato. Click here and take our online poll to help us understand how this issue gets delegated in your data center. In a few weeks, we’ll let you know where you and your colleagues fall on this continuum.

In the meantime, store safely and store often.— Terry Sweeney, Editor in Chief, Byte and Switch