Defining data security vs. data protection


Greg Schulz, Contributor
06.18.2007




Greg Schulz, StorageIO Group

When you hear the phrase data security, what comes to mind? Encryption, key management, locked doors, tamper-proof audit logs, firewalls, biometric card key access, passwords, logical, physical, privacy screen filters or secure erase and asset disposal? Answer 'yes' to any of these, among others, and you are on track with regard to data security. However, there is confusion between terms like data protection, which can mean protecting data through backup, snapshots and replication, and terms that imply data security from a logical or physical standpoint.

This tip compares data security to data protection, including backup, replication for business continuity and disaster recovery, which you can learn about in other SearchStorageChannel.com tips (see sidebar). Data security, or, put a different way, securing data, involves different techniques and technologies for some logical and some physical entities. To help you understand how, as a storage reseller or services provider, you can provide different data security solutions to help your customers secure data, let's take a closer look at logical and physical data security and when and where they apply.

More on data security vs. data protection

  • Ensuring secure backup for channel professionals
  • Security, DR and CDP for the channel
  • CDP for disaster recovery (DR)
  • Data in transit and tracking options
  • Tape encryption and data security options
  • Data protection and archiving challenges in face of new FRCP rules
  • Data Security Services Guide

Logical vs. physical data security

Logical security, particularly encryption, tends to get more coverage due to the increase in reported incidents of data being lost or stolen on laptop computers, disk drives or magnetic tapes. However, lost or stolen data can also be attributed to a lack of physical security and issues with logical security. Granted, there are more external threats to data now than ever before, and you must secure data against threats beyond the confines of a customer's business to meet privacy and regulatory compliance requirements. Yet when speaking with IT organizations of all sizes, a common concern is internal threats, in addition to external threats.

Let's review some techniques and technologies to address various security threat risks.

Physical security services may include the following:

  • Physical card and ID, if not biometric access card, for secure facilities
  • Security and safe disposition of storage media and assets
  • Asset and media audits on site and off site
  • RFID-enabled volume labels for removable magnetic tape and disks
  • GPS-enabled tracking transportation or shipping cases for removable media
  • Secure digital shredding of deleted data with appropriate audit controls
  • Video surveillance of IT assets and equipment and management consoles
  • Physical transportation of removable media (disks, tapes, CDs) and printouts
  • Monitoring of IT equipment, including power, cooling and ventilation
  • Locked doors to equipment rooms and secure cabinets and network ports
  • Background checks on employees and contractors who handle data and media
  • Usage or disablement of portable media including PDA and USB thumb drives
  • Asset tracking of portable devices and personal or visiting devices
  • Limits or restrictions on photo or camera usage in and around data centers
  • Low-key facilities absent of large signs advertising a data center's location
  • Closed window blinds, especially when using backup power during a power outage
  • Protected (hardened) facility against fire, flood, tornado and other events

Logical security services may include the following:

  • Usernames and passwords along with rights management
  • Virtual private networks (VPNs)
  • User credential authentication and individual rights authorization
  • Logical storage partitions and logical or virtual storage systems
  • Audit trails and logs of who accessed what, when and from where
  • LUN and volume mapping and masking, and SAN port and device zoning
  • SAN segmentation and logical isolation (logical SANs)
  • Encryption of data at rest (on disk or tape) or in flight (transmitted over network)
  • Encryption key and digital rights management
  • Secure servers, file systems, storage, network devices and management tools

The following table summarizes some common logical and physical security techniques and technologies to address various threat risks, as well as when and where they should be used.

| Data Security Technology | When and Where to Use It |
|---|---|
| Encryption | Data in flight (being transmitted locally or remotely), data at rest on disk or tape, including online and offline data across different tiers of storage. Key management is an important part of implementing security. |
| Firewalls | Implementing rings or perimeters of defense around your servers and storage systems can involve firewalls to guard against external and internal threat risks. |
| Secure erase | Host-software based, appliance or storage-system based to ensure that deleted data is in fact deleted, and to ensure the disk drives and tape media are securely erased. |
| Asset disposition | Make sure that discarded or retired tape media, laptops, desktops, servers and storage systems are safely and securely disposed of and media is erased. |
| Authentication | Verify identity using at least username and password, if not additional means including biometrics. |
| Authorization | Based on valid credentials and permitted access rights, enable access to certain functions or resources. |
| LUN and volume mapping | Map or allocate specific storage volumes or LUNs to specific servers to ensure that unauthorized servers do not gain access (read or write) to data and storage. |
| LUN and volume masking | Conceal certain devices, LUNs or volumes from servers on a shared SAN to prevent those servers from seeing and trying to access data storage resources. |
| Zoning | Control which servers and devices can see and access various resources in a SAN. |
| Video surveillance | Monitor who accesses various IT resources and equipment. |
| File system and directory access | Control who can read, modify or perform functions like backup on different forms of data. |
| Logical storage partitions | Create the illusion of separate, virtual storage systems to isolate various applications, customers or data types on a shared storage system. |
| Tamper-proof logs | Audit logs to track who accessed what resources, performed what functions, when and from where. |
| Intrusion detection | Determine when someone has accessed resources, and if they have been authorized or not authorized to do so. |

Figure-1: Various logical and physical security techniques and technologies

As a storage channel professional, understanding the many dimensions of securing data, including logical and physical security measures, opens the door for you to provide more data security services to your customers. For example, are your customers currently encrypting their data and, if not, how can you help them overcome barriers preventing them from leveraging encryption? If your customers are currently encrypting data being sent off site because they are concerned about losing data, then you can work with them to address the bigger issue of avoiding data loss and theft.

The key -- pun intended -- to unlocking the data security potential for services is identifying various threat risks applicable to your clients' environments and aligning the appropriate logical and physical security to counter those threats. That's where you can be creative in offering new security services that encompass servers, storage, networks, facilities and software. You can learn more about securing your data, data protection and data security in general in some of my various tips and expert responses, as noted in the sidebar.

About the author: Greg Schulz is founder and senior analyst of the independent storage analyst firm the StorageIO Group and author of the book Resilient Storage Networks (Elsevier).

