White paper. Storing More Intelligently: Tiered Storage Solutions for Security Data




Until recently, storage management has been the purview of IT staff, not compliance or security professionals. But as volumes of security information such as logs and other operational data continue to grow, security and compliance teams face growing challenges around storage management. Compliance and security organizations are beginning to realize that security information must be managed in order to maximize the value of data while minimizing the costs of storing it. Fortunately, there are proven strategies and solutions for optimizing costs, performance, and functionality, and such solutions can be readily applied to the management of security information.

Contents

I. The Growth in Security Data
II. The Need for a Strategic Approach
III. The Lifecycle of Security Data
IV. Implementing Tiered Storage Solutions
V. EMC Tiered Storage Solutions
VI. Conclusion
VII. Solutions for Implementing Best Practices

I. The Growth in Security Data

The Enterprise Strategy Group predicts that security data will grow at a compound annual growth rate of 58 percent over the next five years.[1] What's driving this growth? As compliance and security professionals know, there are three primary reasons.

1. Companies are collecting more security data from more systems. Increasingly, organizations are collecting security data from the entire IT environment. In the past, security teams focused on collecting logs from intrusion detection systems (IDS), routers, and virtual private networks (VPN) or firewalls. Today, they're focused on the security and activity of all of those network components plus commercially developed and homegrown applications, operating systems, database systems, storage devices, servers, and more.

2. Companies have more uses for security data. Evolving threats combined with complex and ever-changing regulatory requirements mean organizations must retain security data for more purposes than ever before. Organizations are leveraging security data to detect malicious code in real time; perform real-time monitoring or access control; detect unauthorized services; reduce false positives; and report on SLA compliance, among other things. These increasing uses of security data have made data storage and management a major concern for executives in security, compliance, and risk management and for leaders throughout IT, including the desktop, server, and application teams.

3. Companies are facing growing regulatory requirements and industry guidelines. Security professionals are well aware of the regulations and industry standards they face, including the Sarbanes-Oxley Act, the Payment Card Industry (PCI) requirements, Basel II and Gramm-Leach-Bliley for financial services, and HIPAA for healthcare entities, as well as increasingly rigorous state-level mandates. And more regulations are on the horizon.

Such regulations require organizations to implement policies, processes, and practices to protect the security and privacy of critical information. Furthermore, in many cases, organizations must also be able to validate the effectiveness of what they've implemented. To do all of that, organizations must capture and manage very large quantities of security data.

II. The Need for a Strategic Approach

Virtually all organizations are under competitive pressures to maximize performance of their IT environments and optimize information access while minimizing costs for capital investments and day-to-day operations. Given those pressures, simply adding more storage for security data is no longer an adequate approach. In reality, however, many organizations have addressed the explosive growth of both business and security data by doing just that. They have deployed scaled solutions, that is, piecemeal collections of storage subsystems added over time. Complex and costly to manage, such solutions often result in inappropriate resource deployment that leads to misused capacity, degraded performance and availability, inadequate security for servers and applications, and premature investments in new subsystems.

To avoid those pitfalls, many organizations are employing Information Lifecycle Management (ILM) strategies. ILM is a strategy for aligning the business value and/or use model of security and other data with the most appropriate and cost-effective infrastructure throughout its existence. Through an ILM strategy, organizations are empowered to understand the changing value and use requirements of their information over time and then deploy storage resources accordingly. The ultimate result: more effective management of information and storage resources that maximizes the value of the information while minimizing costs.

While Information Lifecycle Management is the overarching strategy for maximizing the efficiency and effectiveness of a storage infrastructure, tiered storage is a foundational element for executing on that strategy and, ultimately, storing more intelligently. Before identifying specific strategies for tiering security data and storage systems, it's important to first understand the phases of the security information lifecycle.

[1] Security Information Lifecycle: Data Retention of Event Logs for Compliance, Enterprise Strategy Group, August 2006.

III. The Lifecycle of Security Data

Just like virtually all business information, security data has a very clear lifecycle. As illustrated in Figure 1, first it's collected, compressed and protected. It is then stored as defined by the organization's log retention policies. And, finally, it is retired in compliance with regulatory and/or company guidelines.

[Figure 1. Security Information Lifecycle Management: The Lifecycle of Security Log Data. Stages: Capture, Compress, Secure, Store, Retain, Retire. Retention policy: about one year + one audit cycle.]

IV. Implementing Tiered Storage Solutions

Five Steps to Tiered Storage for Security

1. Classify security data in preparation to deploy tiered storage
2. Plan for and deploy online storage
3. Create an active archive
4. Streamline backup and recovery processes
5. Retire (and delete) data

This paper has discussed the significant growth of and need for security data, as well as the associated information management challenges. Now it answers the question: How can an organization transform tiered storage for security from concept to reality? The following five steps are recommended to go from storing more security data to storing this data more intelligently.

1. Classify security data in preparation to deploy tiered storage. The first step to storing more intelligently is to classify security data based on an organization's security objectives, policies/procedures, and applicable regulatory requirements. This classification exercise will provide insight into the purpose of the data throughout its lifecycle and will help identify the storage infrastructure requirements to support that data over time. From there, deploying and leveraging a tiered storage infrastructure allows an organization to store security data on the right storage type at the right time, thereby aligning capabilities to requirements and ultimately lowering total cost of ownership (TCO).

In this context, "the right storage type" refers to underlying capabilities of the storage environment, such as access times, high availability, disaster recovery, and other functional requirements. "The right time" typically refers to the stage of the lifecycle and/or the specific purpose for the data at that point in time. As one might assume, different capabilities are typically required as the data ages and progresses throughout its lifecycle.

By classifying data and deploying tiered storage, organizations typically see a 25% improvement in TCO. For example, many companies keep the majority of their data on tier-one storage. After classifying their data, they often discover that they are using storage resources with capabilities that far exceed what their data requires. From there, they can deploy different tiers of storage and migrate less-critical and/or less-sensitive data to a tier of storage that offers the right set of capabilities at the right cost-point.

There are three primary levels of tiered storage for storing security data.

a) Production. Online storage offers high-performance characteristics and a wide spectrum of software capabilities to meet production data requirements (that is, data actively being used for real-time analysis, on-going review, and periodic audits and assessments). Security data is likely to be stored in production for one year or more to support one year of log data plus one audit cycle (depending on the organization's policies). Production storage offers software capabilities to ensure that the data is protected and always available; it also facilitates fast and frequent access to the data to establish baselines and perform real-time and forensic analysis and to support required audit cycles.

b) Archive. Archive storage offers medium performance characteristics and lower cost/megabyte to support medium access times. Based on each organization's retention policy, security data should be migrated to archive storage to reduce the cost of storing high volumes of data that are not accessed as frequently as production data, or that don't require fast response time. Archive storage supports security data retention and archival management in compliance with applicable regulatory requirements. It also facilitates easy access to security data for longer-term forensic analysis, audits, and other critical activities. Migrating data from online to archive storage should help drive efficiencies and cost-effectiveness while continuing to support an organization's security requirements.

c) Backup. Backup media is used to store data so that in the event that the production data becomes compromised or damaged, the information can be recovered. Offline storage is either disk or tape-based, and usually requires mounting of the media type for backup/recovery operations. And as expected, the performance characteristics vary greatly depending on whether it's a tape or disk-based solution.

2. Plan for and deploy online storage. Identify the online storage capacity required to support online log retention policies. Online storage with the right performance, availability, and data protection characteristics is critical to supporting day-to-day, real-time and forensic analysis, as well as periodic audits based on regulations and internal policies.

3. Create an active archive. The third step is to deploy an active archive for security data to support an organization's archive policy. The policy could be as simple as archiving data based on age or frequency of use, or it could be much more complex and based on a myriad of factors. Whatever the policy, a key criterion of an active archive is that when the information is needed, it is available online and readily accessed to support ad-hoc requests or longer-term audit cycles. (Such data can be identified during the classification process in the previous step.) Hence the term "active archive": data is archived yet remains available online and can be accessed relatively quickly via a cost-effective storage solution. Another characteristic or requirement is to assure content authenticity, since certain security data must not change to comply with regulatory requirements.

An active archive offers numerous benefits:

- Because the archive is available online, information can move from production storage to the archive. This creates a virtually infinite repository of information. It also frees up production storage for high-priority critical data, including logs used for real-time, short-term, and medium-term analysis and reporting.
- Archived information is taken out of the production storage backup cycle. This results in dramatic improvements to backup times and backup media costs.
- Operational recovery and/or disaster recovery (DR) plans to support critical data become much more efficient as there is less production information to recover, i.e., the archived information is in the archive, protected by its own protection scheme.
- Finally, in one solution, the active archive can provide the speed of disk with the authenticity of optical, which makes complying with regulation requirements much easier.
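The age-based archive policy and the content-authenticity requirement of step 3 can be sketched as follows. This is an added example, not code from the white paper or from any RSA or EMC product; the class and function names, the in-memory dictionaries standing in for storage tiers, and the two retention constants are assumptions chosen for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import date, timedelta

# Assumed policy values: the paper only says "about one year + one audit cycle".
ONLINE_DAYS = 365 + 90     # assumption: one year online plus a 90-day audit cycle
RETENTION_DAYS = 7 * 365   # assumption: total retention before retirement


@dataclass
class ActiveArchive:
    """Hypothetical online archive: write-once, digest recorded at ingest,
    digest re-checked on every read (content authenticity)."""
    blobs: dict = field(default_factory=dict)    # log name -> bytes
    digests: dict = field(default_factory=dict)  # log name -> SHA-256 hex digest
    # In a real deployment the digest manifest lives on separate,
    # access-controlled storage so it cannot be altered with the data.

    def ingest(self, name, data):
        if name in self.digests:
            raise ValueError(f"{name}: already archived, archive is write-once")
        self.blobs[name] = data
        self.digests[name] = hashlib.sha256(data).hexdigest()

    def read(self, name):
        data = self.blobs[name]
        if hashlib.sha256(data).hexdigest() != self.digests[name]:
            raise ValueError(f"{name}: content no longer matches ingest digest")
        return data

    def retire(self, name):
        del self.blobs[name]
        del self.digests[name]


def tier_for(log_date, today):
    """Map a log's age onto the lifecycle stage that should hold it."""
    age = (today - log_date).days
    if age > RETENTION_DAYS:
        return "retire"
    if age > ONLINE_DAYS:
        return "archive"
    return "production"


def run_lifecycle(production, archive, log_dates, today):
    """Migrate aged logs from production to the archive and delete expired
    ones. Returns the list of (name, action) pairs that were carried out."""
    actions = []
    for name in sorted(log_dates):
        tier = tier_for(log_dates[name], today)
        if tier == "archive" and name in production:
            archive.ingest(name, production.pop(name))
            actions.append((name, "archived"))
        elif tier == "retire":
            production.pop(name, None)
            if name in archive.digests:
                archive.retire(name)
            actions.append((name, "retired"))
    return actions


def backup_set(production):
    """Only what is still on production storage enters the backup cycle."""
    return sorted(production)


if __name__ == "__main__":
    # Constructed sample data, not real logs.
    today = date(2007, 5, 1)
    production = {
        "fw-2007-04-20.log": b"deny tcp 10.0.0.5 -> 10.0.0.9:23\n",
        "ids-2005-11-02.log": b"alert: port scan from 10.0.0.7\n",
        "vpn-1999-03-15.log": b"login ok user=alice\n",
    }
    log_dates = {
        "fw-2007-04-20.log": date(2007, 4, 20),
        "ids-2005-11-02.log": date(2005, 11, 2),
        "vpn-1999-03-15.log": date(1999, 3, 15),
    }
    archive = ActiveArchive()
    print(run_lifecycle(production, archive, log_dates, today))
    print("backup set:", backup_set(production))
    print("archive read:", archive.read("ids-2005-11-02.log"))
```

The backup set shrinks to the logs still in production, which is the backup-cycle benefit listed above, and any later change to an archived log is caught at read time.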

4. Streamline backup and recovery processes. This step is a natural outgrowth of the previous steps. By deploying online and active archive tiers, an organization can dramatically improve backup times and efficiency. However, the sole purpose of backing up critical data is to be able to recover that data when needed. Backing up such data on high-capacity, low-cost disk solutions, rather than tape, delivers five-fold improvement in backup and recovery times. It also offers significant reliability improvements to ensure that security data can be recovered quickly and easily when needed.

5. Retire (and delete) data no longer required for production or for compliance requirements. The final step in storing more intelligently is to retire (and delete) security data when it is no longer needed or when regulations require its retirement.

V. EMC Tiered Storage Solutions

EMC has a continuum of scalable, easy-to-use storage solutions to address every phase of the security data lifecycle. The portfolio spans from high-end storage solutions that offer maximum performance, availability, and protection to cost-effective midrange solutions designed to accommodate the needs of smaller organizations managing security data.

EMC's storage portfolio includes EMC Symmetrix, EMC CLARiiON, EMC Celerra, EMC Centera, and EMC Disk Library platforms. Across the platforms are hardware and software options that allow the configuration and delivery of the required capabilities at the right cost. In addition, EMC storage platforms can be deployed with a combination of high performance Fibre Channel drives and low-cost/high capacity drives within the same array.

Whether an organization requires a small-scale solution with tiered storage deployed within one physical system or has a large-scale environment where multiple tiers of storage systems are needed, the ultimate benefits are the same: lower TCO, energy efficiency advantages, simplified information management, and improved ability to exploit data for business protection and advantage.

EMC Symmetrix DMX: one of the world's most trusted storage platforms

The market-leading EMC Symmetrix DMX-3 enterprise storage platform provides uncompromising levels of service for the most demanding enterprise environments. DMX-3 systems will scale to more than one petabyte of data, which meets even the most aggressive growth requirements. By leveraging advanced technology from its RSA security division, EMC has built strong authentication, authorization, and enhanced audit capabilities into Symmetrix that further secure customers' information infrastructures.

Symmetrix DMX tiered storage capabilities include:

- Information Availability: one of the most advanced and widely deployed business continuity platforms.
- Tiered Storage Consolidation: save money through in-the-box tiering.
- Performance: supports the world's most demanding application workloads.
- Application integration and qualification: longer relationships and deeper integration with applications and ISVs.
- Power efficiency: best power and cooling efficiency for today's data center requirements.
- Information-Centric Security, Built In: advanced security and integrated RSA technology.

EMC Celerra NS Series: an industry-leading IP storage platform

The EMC Celerra IP storage systems offer industry-leading price/performance with no-compromise availability for combined storage and file server consolidation. EMC Celerra delivers a comprehensive set of software features at no additional cost and simplifies management via an intuitive web interface.

Celerra NS series tiered storage capabilities include:

- Ability to deploy multiple tiers of storage media within the same system. High-performance Fibre Channel drives support mission-critical tiers while low-cost/high capacity drives can offer the right choice for lower-tier data and backup/recovery operations.
- Integrated NAS and iSCSI protocols for IP connectivity, with the option to add Fibre Channel connectivity.
- EMC Celerra FileMover for automated, policy-based file movement to and from secondary storage platforms, such as EMC CLARiiON or EMC Centera.

EMC CLARiiON CX3 UltraScale Series: a proven midrange storage solution

The EMC CLARiiON CX3 UltraScale series offers exceptional price/performance, providing an excellent solution for cost-effective storage consolidation. The EMC CLARiiON CX3 delivers simple management tools, five 9s availability, industry-leading price/performance, data mobility, and scalability between multiple storage tiers.

CLARiiON CX3 UltraScale series tiered storage capabilities include:

- Five 9s Availability: unique high availability and data integrity features
- Price/Performance: the best performance and price/performance in midrange storage
- Data Mobility: nondisruptive in-the-box mobility and heterogeneous data migrations
- Best Economics: most economical midrange platform through the entire lifecycle
- Ease of Use: easy for customers and partners to install, manage, and scale

EMC Centera: one of the most simple, affordable, and secure archiving platforms

EMC Centera meets the unique requirements of storing and managing fixed content, that is, unchanging digital assets, into an active archive storage solution.

EMC Centera tiered storage capabilities include:

- Assured Authenticity and Online Access: speed of disk, with the authenticity of optical at the price of tape.
- Single Instance Storage: only one copy of information is kept no matter how many times it is requested to be stored.
- Self-Configuring, Self-Healing and Self-Managing: administrators can manage up to 50 times greater quantity of content.
- A Future Proof Investment: eliminates the impacts of technology obsolescence.
- Simple Scalability: seamlessly add capacity without disruption.
- Lowest TCO: more cost effective than tape or optical.

EMC Disk Library: an easy way to improve backup and restore

EMC Disk Library is a simple to deploy and easy to use disk-based backup and recovery solution. As the industry's most widely deployed open systems virtual tape solution, the Disk Library emulates leading open systems tape libraries; however, it leverages disk drive media for extremely fast and reliable backup and recovery operations. Since the Disk Library looks like tape to the backup application, it offers immediate compatibility with existing backup applications and a quick and simple deployment.

The EMC Disk Library capabilities include:

- Industry-leading Open Systems Disk Library: more than 100 petabytes deployed in two years
- Most Qualified Backup Environments: more than 3 million supported configurations
- The First Disk Library with Consolidated Media Management: EMC NetWorker and Symantec NetBackup functions performed within EMC Disk Library
- Highest Performance: highest VTL-system performance available today

VI. Conclusion

"Corporations that are automating compliance procedures must look ahead several years to architect for the entire security information lifecycle. This includes procedures for assuring the authenticity of data in storage, archiving data to secondary storage, and security information deletion at the end of the lifecycle," wrote Security Analyst Eric Ogren of Enterprise Strategy Group.[2] Furthermore, Gartner has asserted that the majority of security event information management (SIEM) deployment failures occur because organizations improperly assess data volumes and the resulting scalability issues.[3]

The challenges now facing security and compliance experts are familiar to storage managers, who recognize tiered storage as a proven approach to storing more intelligently. As they grapple with a veritable explosion of security data, security and compliance managers can discover for themselves the very real benefits of storing more intelligently through tiered storage strategies and solutions.

By aligning resources to information value and use, the most critical and current security data can be maintained and protected on highly available, high-performance storage, while data that's no longer current can be retained on more cost-effective storage resources. With the proper software functionality, security data can be efficiently and effectively migrated from one system to another. And when solutions incorporate easy-to-use tools, organizations can prevent people and storage management costs from rising at the same rate as security data volumes. The ultimate result: a cost-effective, easy-to-manage storage solution suitable for meeting a wide range of compliance and security operations requirements.

VII. Solutions for Implementing Best Practices

To implement best practices, RSA provides end-to-end solutions for building a centrally-managed dedicated infrastructure.

The RSA envision security information and event management (SIEM) platform aggregates event logs from across the enterprise, and turns this information into actionable compliance and security intelligence. By combining RSA envision with networked storage solutions, organizations can manage the entire lifecycle of security information using a tiered storage approach, whereby logs are stored on different storage resources based on the age of and need for the data. The RSA envision platform works seamlessly with EMC Celerra, CLARiiON, Symmetrix, and Centera storage for an end-to-end solution in security information lifecycle management. This solution enables organizations to manage huge volumes of logged data from creation to deletion in order to meet regulatory compliance, security operations, and business requirements.

For more information on RSA envision, please go to www.rsa.com. For more information on EMC's storage solutions including EMC Celerra, CLARiiON, Symmetrix and Centera, please go to www.emc.com.

[2] Enterprise Strategy Group, Security Information Lifecycle: Data Retention of Event Logs for Compliance, April 2006.
[3] Gartner, Evaluating & Deploying SIEM Technologies.

RSA, envision and the RSA logo are registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. EMC, Celerra, Centera, Symmetrix and CLARiiON are registered trademarks or trademarks of EMC Corporation. All other products or services mentioned are trademarks of their respective owners. © 2007 RSA Security Inc. All rights reserved. TS WP 0507