To Protect And To Serve – A Storage Admin POV
Many years ago, I changed jobs from a systems administrator to a storage admin. I decided to attend a small symposium on storage security to improve my skill set and gain a better understanding of issues surrounding data security. I wanted to learn about the sorts of matters I might encounter in my new role and was completely surprised by what I learned.
Here is a synopsis of the symposium:
- Many organizations face the challenge of implementing protection and data security measures necessary to comply with a wide range of regulatory, statutory, and other legal requirements
- Storage systems (actually the data they contain) play an important part in many of these issues
- Storage managers and administrators may be asked to assist in supporting a variety of legal actions as well as help their organizations guard against data transgressions
- Storage administrators need to be capable of taking abstract regulatory, statutory and other legal requirements and translating them into implementable solutions
It was also strongly suggested that the storage administrator partner with the legal or security office to ensure these solutions address the organization’s compliance requirements.
Returning from the symposium, I immediately began working with our security office to understand what regulatory requirements the organization needed to be following and where data that fell under those regulatory requirements was being stored and how much of it was going to be migrated to our shiny new SAN.
Together the security office and I created data governance policies and defined data classifications that spelled out what types of data – such as highly confidential, financial and personally identifiable information (PII) – could be stored on the SAN. This was a monumental effort and the project was never fully completed before I left the organization. More importantly, the organization was never able to find all of the confidential data as defined by our data classifications.
Fast forward to today. Things have changed. Not only am I a tad balder and years older, but data-aware storage has arrived on the scene. If the DataGravity Discovery Series had existed back then we could have migrated our data to it and we could have been well on our way to legal compliance. Additionally, we could have easily audited who was inappropriately accessing highly confidential and financial data and PII.
Legal issues and requirements are impacting the storage infrastructure and personnel as never before, and this trend will to continue. So, as the storage administrator or storage manager, you need to be aware of the regulatory and legal requirements your organization should be following and be proactive in managing your storage to detect, protect and secure the data that you’re entrusted with.
To learn more about how the DataGravity Discovery Series can help you search and discover PII and understand where you might be deficient, I encourage you to read our Governance, Risk Management and Compliance Solution Brief.2 Likes