Every day we hear about data security breaches regarding social media, companies, governments, organizations, private devices, and on and on. Having worked in the storage management business for most of my career, my first thought is: how did they leave themselves so exposed? After reading the details, there are many that could have been avoided and some where the answer is not so clear. We also don't hear about the ones that successfully prevented unauthorized access to their data. I want my data to be in the last category - successful protection. Understanding your options is a great way to evaluate your data protection environment or help you plan for implementing a secure system for your data. We just published the IBM Redpaper IBM Spectrum Scale Security to describe the security possibilities for Spectrum Scale implementations. Here is an overview of the organization and scope of the Redpaper.
Security for storage systems can be classified as follows:
- Data storage (data at rest, which includes data durability and immutability)
- Access to data
- Movement of data (data in flight)
- Management of data
IBM® Spectrum Scale is a software-defined storage system for high-performance, large-scale workloads on-premises or in the cloud. IBM Spectrum Scale™ addresses all four aspects of security by securing data at rest (protecting data at rest with snapshots, backups, and immutability features) and securing data in flight (providing secure management of data, and secure access to data by using authentication and authorization across multiple supported access protocols). These protocols include POSIX, NFS, SMB, Hadoop, and Object (REST). For automated data management, it is equipped with powerful information lifecycle management (ILM) tools that can help administer unstructured data by providing the correct security for the correct data. The various aspects of security in IBM Spectrum Scale™ include the following items:
- Security of data in transit
- Security of data at rest
- Hadoop security
- Secure administration
- Audit logging
- Security for transparent cloud tiering (TCT)
- Security for OpenStack drivers
For example, Chapter 9 describes security for transparent cloud tiering (TCT). It starts with a high-level figure shown here.
The chapter drills down into the following detailed items:
- Securing data in flight and at rest
- Securing the keys that are used to protect the data
- Configuring transparent cloud tiering with an external key manager: IBM Security Key Lifecycle Manager
- TCT daemon communications
- Security of TCT commands
- Data integrity protection
- Security considerations while configuring a cloud object storage
Data security is a never-ending process of planning, implementation, and validation.