Is storage a security issue? Or is security a storage issue?

If you’re struggling to reconcile the demands of ramping up storage while keeping the data secure, AND ensuring application availability, you’re not alone. At least you won’t be this afternoon, because we’ll be running a Live Chat at 1400 BST, where we will talk through the technology and the challenges, and ask what it all …

COMMENTS

This topic is closed for new posts.
  1. Pete 2 Silver badge

    Security and users don't mix

    There is no "storage vs security" issue.

    If you have a design AND implementation that is intrinsically secure (hint: nobody does, the best there is are systems that will slow hackers down to a speed that matches the slow and ponderous decision making processes with an organisation ... sometimes), then adding more terabytes won't change that.

    Obviously you mustn't do anything idiotic, like have storage you can log in to, or control remotely, or physically remove. But a secure system can have 1GB of mass storage (though that's not very "mass") or 100 PB.

    However, more storage is generally a portent of bigger problems: users.

    Users hate security and will go to great lengths to subvert, avoid, negate and deny it. It slows them down. It makes them jump through hoops. It makes them type in stuff and remember stuff. In a JFDI world, it's an annoyance - and we'd all be better off without it (so I'm told). That's not an unreasonable attitude, when your users are under-staffed, over-stressed and pressured to "do more with less". Given the lack of loyalty that companies show their users, why should the users show any back? Perhaps by caring about security and working diligently to implement it - after all, it's not their data.

    So if you want a secure system, first you have to secure the people who access your data. That starts by treating them with respect, instilling a feeling of ownership in them and rewarding them (monetarily or environmentally) for NOT making mistakes, taking shortcuts, and by giving them a system with security that is neither onerous nor intrusive. If you can do that, you will have the skills necessary to design systems that are secure by default - no matter how much storage they require. Better: you'll have users (and maybe even admins) who respect the need for that security. What you can never do is add security, like a new coat of paint, after the fact.

    1. Robert Helpmann??
      Childcatcher

      Re: Security and users don't mix

      So you are really saying the problem is not that the users don't care or aren't motivated enough to follow security, it's that management doesn't care enough to make it a priority. I'm not so sure that I would generalize users' attitudes toward security (although I would hardly dispute your comments applying to a great number of worker bees). There are many reasons why security is not properly implemented, understood, or cared about at the user level. All of them require management to be engaged enough to set things on the right path. This includes spending money on preventative measures and employee training, neither of which bring more money in. It is hard to quantify how much money you would have lost if there was a security breach.

  2. Dale Vile, Freeform Dynamics

    Broader Reg Reader View

    Interesting comments above, and in line with some of what came out of a full survey of Reg Readers last year. PDF of report can be downloaded (with no registration) from here:

    The End User Security Jigsaw
