Los Alamos Lessons Loom Large

Recent security problems at Los Alamos National Lab should serve as a lesson for data center managers, analysts warn.

The top secret New Mexico research site has hardly been out of the headlines during the last few weeks, after two disks containing classified material were reported missing (see Los Alamos Searches for Lost Media).

Cue red faces all around on Friday, Secretary of Energy Spencer Abraham ordered that all Department of Energy operations using classified hard drives or computer disks be stood down until procedures are improved (see Abraham Orders CREM Stand Down).

Enterprise Strategy Group Inc. analyst Pete Gerr was not at all surprised by the problems at Los Alamos. ”Research labs and commercial businesses face these types of threats every day, and, in many cases, are not aware of all these threats,” he says.

To make matters worse, Gerr believes that many firms already have gaping holes in their security strategies, particularly when it comes to removable media, such as zip disks and hard drives. "It’s time for them to take a serious, honest look at their data security policies and procedures – I am sure that they [will] find areas where they are weak."Joe McKendrick, analyst at Evans Data Corp., also believes that many firms are seriously lacking in security. “Information is leaking from organizations everywhere – removable media is just one aspect of this,” he says.

But, before they can solve these problems, firms first need to work out exactly how much IT kit they are using, according to Gerr. “The inventory is just the beginning of understanding what you have from an end-user standpoint – then you can prioritize the applications and data sets and allocate the correct level of security to protect them.”

This may sound simplistic, but even the Department of Energy has been forced back to the drawing board following the problems at Los Alamos. During the current stand-down period, Abraham has ordered each of the Department's sites to complete a “100-percent” physical inventory of controlled removable electronic media (CREM), as well as weekly checks.

Gerr says there are also technologies on the market which can help improve the levels of security surrounding firms’ removable media. EMC Corp. (NYSE: EMC), for example, offers its Centera storage system, which could prove valuable for firms using storing data on serial ATA drives, according to Gerr.

Each individual file stored on the Centera device is allocated a unique identifier, which is essentially a digital fingerprint. This means that even if someone pulled a physical drive out of the Centera system, they would be unable to access the data without the unique identifier.But securing your critical data may not be as big a job as it first appears. Indeed, McKendrick believes that businesses only need to target a small part of their overall data: “There’s probably only about ten percent of information that needs to be closely watched and secured."

— James Rogers, Site Editor, Next-gen Data Center Forum