Category Archives: Stiri IT Externe

SNIA Releases Data Protection Guidance for Storage Pros


Data storage professionals may not be accustomed to dealing with data security and privacy issues like due diligence, but with the European Union’s General Data Protection Regulation about to take effect, many will need to learn some new concepts.

That’s what makes a new white paper from the Storage Networking Industry Association especially timely, Eric Hibbard, chair of SNIA’s Security Technical Work Group, told me in an interview. SNIA, a nonprofit focused on developing storage standards and best practices, put together a document that provides guidance on data protection, specifically as it relates to storage.

“The storage industry has for many years has been insulated from having to worry about traditional security and to a less degree, the privacy issues,” Hibbard said. “With GDPR, the definition of a data breach moved from unauthorized access to include things like unauthorized data destruction or corruption. Why is that important to storage professionals? If you make an update to a storage system that causes corruption of data, and if that’s only copy of that data, it could constitute a data breach under GDPR. That’s the kind of thing we want to make sure the storage industry and consumers are aware of.”

The GDPR, which sets mandatory requirements for businesses, becomes enforceable May 25. It applies to any business storing data of EU citizens.

The white paper builds on the ISO/IEC 27040 storage security standard, which doesn’t directly address data protection, by providing specific guidance on topics such as data classification, retention and preservation, data authenticity and integrity, monitoring and auditing, and data disposition/sanitization.

For example, the issue of data preservation, retention, and archiving is barely touched on in the standard, so the paper expands on that and explains what the potential security issues are from a storage perspective, said Hibbard, who holds several certifications, including CISSP-ISSAP, and serves roles in other industry groups such as the Cloud Security Alliance.

The paper explains the importance of due diligence and due care – concepts that storage mangers aren’t used to dealing with, Hibbard said.

“In many instances, the regulations associated with data protection of personal data or PII (privacy) do not include details on the specific security controls that must be used,” SNIA wrote in its paper. “Instead, organizations are required to implement appropriate technical and organizational measures that meet their obligations to mitigate risks based on the context of their operations. Put another way, organizations must exercise sufficient due care and due diligence to avoid running afoul of the regulations.”

Failure to take steps to understand and address data exposure risks can demonstrate lack of due care and due diligence, the paper warns, adding: “Storage systems and ecosystems are such integral parts of ICT infrastructure that these concepts frequently apply, but this situation may not be understood by storage managers and administrators who are responsible and accountable.”

One of the components of due diligence is data disposition and sanitization. “When you’re done with data, how do you make sure it actually goes away so that it doesn’t become a source of a data breach?” Hibbard said.

The SNIA paper spends some time defining data protection, noting that the term means different things depending on whether someone works in storage, privacy, or information security. SNIA defines data protection as “assurance that data is not corrupted, is accessible for authorized purposes only, and is in compliance with applicable requirements.”

The association’s Storage Security: Data Protection white paper is one of many it produces, which are freely available. Others papers cover topics such as cloud storage, Ethernet storage, hyperscaler storage, and software-defined storage.



Source link

Flash Storage Adoption in the Enterprise


We’ve heard for a while that flash storage is going mainstream, but how are companies actually using it and what results are they getting? A new report by IT analyst firm Evaluator Group sheds light on enterprise adoption of solid-state storage and why the technology has become so popular.

The firm, which specializes in analysis of data storage and information management, surveyed larger enterprises with more than 1,000 employees that had already deployed all-flash systems. That kept the study focused on organizations with first-hand experience with solid-state storage, Randy Kerns, senior strategist and analyst at Evaluator Group, told me in an interview. After the survey, which was conducted across various vertical markets, analysts interviewed many of the participants to get deeper insight.

Evaluator Group found that most of those surveyed bought all-flash arrays with the goal of speeding database performance so that certain applications ran faster. “The majority of them justified paying extra based on getting the databases to run faster,” Kerns said.

Another top use case was accelerating virtual machine environments, which involves supporting more virtual machines per physical server due to the improved performance with solid-state technology, he said.

Enterprises reported strong results with their flash storage deployments, the study found.

“In all cases, they got what they expected and more, to the point that they added additional workloads that weren’t performance demanding…They had more capabilities than they planned on, so they added more workloads to their environment,” Kern said. “And the future is adding more workloads or buying more all-flash systems for putting more workloads on.”

Organizations surveyed also reported improved reliability, with fewer interruptions either due to a device or system failure. “That was a big improvement for them,” he said. “It’s something they hadn’t counted on in their initial purchase.”

Survey participants said they valued the data protection capabilities of solid-state storage systems, such as snapshots. “The systems had the capabilities to do things differently so they could accelerate their data protection processes,” Kerns said.

Data reduction functionality wasn’t high on their list of solid-state features, as they considered it a basic capability of flash storage systems, according to Evaluator Group.

While solid-state storage has a reputation for being pricey, it wasn’t an issue for the survey participants, Kerns said. “These people already had them [all-flash systems], so the battle about cost is in the rear view mirror,” he said. “First-time buyers may have a sticker-shock issue, but for those who bought it, that’s history.”

When buying flash storage, enterprises tend to turn to their current storage systems vendor, the study found. “Incumbency wins,” Kerns said. A few bought from storage startups, but the majority preferred to stick with their existing vendor, enjoying new systems that operated in a similar fashion what they already had.

As for going all-flash, enterprises expect that will be the case eventually, but certainly won’t happen overnight. “They have a number of platforms that have a certain lifespan. They’ll just age those systems out, so it could be a number of years until they get to that point,” Kerns said.

Get live advice on networking, storage, and data center technologies to build the foundation to support software-driven IT and the cloud. Attend the Infrastructure Track at Interop ITX, April 30-May 4, 2018. Register now!

 



Source link

Storage Management Software: Users Weigh In


Data storage never seems to stop evolving in ways that challenge IT departments. Aside from the need to deal with perpetual growth, data storage now requires management across cloud and on-premises infrastructure as well as hybrid environment. Different workloads also require varying service levels from storage solutions. Storage management tools have had to keep up with this rapid change.

Storage management tools give storage managers a way to stay on top of storage systems. They enable storage managers to track utilization, monitor performance and more. What do users actually think of storage management tools on the market today?

The discussion about storage management software on IT Central Station reveals that storage is about more than just storing data. It’s about keeping businesses running optimally. When customers can’t see their data, that’s not a storage problem. It’s a business problem. For this reason, storage managers appreciate storage management solutions that offer real time visibility into storage performance and the ability to compare relative performance from multiple storage systems. They like products that are responsive and efficient to use, with a “single pane of glass” and automated alerting.

The following reviews from IT Central Station users highlight the pros and cons of two top storage management software products: NetApp OnCommand Insight and Dell EMC ControlCenter.

NetApp OnCommand Insight

A storage administrator at a financial services company who goes by the handle StorageA7774, cited the product’s comprehensive view:

“Since we have to monitor multiple systems, it gives us a single pane of glass to look at all of our environments. Also, to compare and contrast, if one environment is having some issues, we can judge it against the other environments to make sure everything is on par with one another. In the financial services industry, customer responsiveness is very important. Financial advisors cannot sit in front of a customer and say, ‘I can’t get your data.’ Thus, being up and running and constantly available is a very important area for our client.”

Carter B., a storage administrator at a manufacturing company, cited a several ways OnCommand Insight helps his organization:

“The tracking of utilization of our storage systems; seeing the throughput—these are the most important metrics for having a working operating system and working storage system. It’s centralized. It’s got a lot of data in there. We can utilize the data that’s in there and the output to other systems to run scripts off of it. Therefore, it’s pretty versatile.”

However, a systems administrator at a real estate/law firm with the handle SystemsA3a53, noted a small drawback:

“There was a minor issue where we were receiving a notification that a cluster was not available, or communication to the cluster. OnCommand Manager could not reach a cluster, which is really much like a false positive. The minor issues were communications within the systems.”

And StorageA970f, a storage architect at a government agency, suggested an improvement to the tool’s interface:

“Maybe a little bit more graphical interface. Right now — and this is going to sound really weird — but whatever the biggest server is, the one that is utilizing the most storage space, instead of showing me that server and how much storage space, it just shows it to you in a big font. Literally in a big font. That’s it. So if your server is named Max and you’ve got another server named Sue, and Max is taking up most of your space, all it’s going to show is just Max is big, Sue is little. That’s is really weird, because I really want to see more than that. You can click on Max, drill down in and see the stuff. But I would rather, on my front interface, say, ‘Oh, gosh, Max is using 10 terabytes. Sue is only using one. She’s fixing to choke. Let me move some of this over.’”

Dell EMC ControlCenter

Gianfranco L., data manager at a tech services company, described how Dell EMC ControlCenter helps his organization:

“We use the SNMP gateway to aggregate hardware and performance events. The alerting feature is valuable because it completes the gap of storage monitoring. Often the storage comes with a tele-diagnostic service. For security purposes, it’s very important for us to be aware of every single failure in order to be more proactive and not only reactive.”
 

Bharath P., senior storage consultant at a financial services firm, described what he likes about the product.

“Centralized administration and management of SAN environment in the organization are valuable features. Improvements to my organization include ease of administration and that it fits in well with all the EMC SAN storage”

However, Hari K., senior infrastructure analyst at a financial services firm, said there’s room for improvement with EMC ControlCenter:

“It needed improvement with its stability. Also, since it was agent-based communication, we always had to ensure that the agents were running on the servers all the time.”

Gianfranco L., also cited an area where the product could do better:

“The use of agents is not easy. The architectural design of using every single agent for every type of storage can be reviewed with the use of general proxies. The general proxies also discover other vendors’ storage. This can be done with custom made scripts.”



Source link

6 Ways to Recycle Your IT Gear for Earth Day


We all love our smartphones, computers, tablets, and gadgets. Some of us wait in long lines the moment the latest tech hits the shelves, while others upgrade when our old devices finally kick the bucket. Either way, we are all inevitably left with obsolete technology that we need to discard. The hardware, batteries, cables, and accessories often become burdensome because we are not sure how to recycle this material. As digital transformation continues to permeate IT professionals’ data centers, the same is true of legacy infrastructure that is either rendered obsolete by new technology like cloud computing or are simply subject to an upgrade.

Recycling properly can take time that IT professionals may not have since they’re busy keeping organizational processes running smoothly, which means the environment often takes a backseat as old tech collects dust in the supply closet.

In the spirit of Earth Day this Sunday, SolarWinds polled its THWACK community of more than 145,000 IT professionals and collected their best tips and tricks for recycling or disposing of older hardware in an environmentally friendly way.

Here are some of the best ways to reuse and recycle old technology this Earth Day, along with advice on how to be more green by reducing your data center footprint.

(Image: ipopba/iStock)



Source link

Microsoft Releases a Linux-Based OS » Linux Magazine


Microsoft has announced a new project that is going to be powered by the venerable Linux kernel. At the RSA 2018 Conference, the company shed some light on Microsoft Azure Sphere, a new platform to help create secured, Internet-connected microcontroller (MCU) devices.

Microsoft Azure Sphere is an end-to-end-solution, all the way from Azure Cloud to actual chips found on the targeted IoT device. Microsoft Azure Sphere is comprised of three components: Azure Sphere certified microcontrollers (MCUs); Azure Sphere OS; and Azure Sphere Security Service.

Azure Sphere OS is a custom OS aimed at security and agility. “Unlike the RTOSes common to MCUs today, our defense-in-depth IoT OS offers multiple layers of security. It combines security innovations pioneered in Windows, a security monitor, and a custom Linux kernel to create a highly-secured software environment and a trustworthy platform for new IoT experiences,” wrote Galen Hunt, Partner Managing Director, Microsoft Azure Sphere.

Developers can use Microsoft Visual Studio Tools to write applications for Azure Sphere. These tools include application templates, development tools and the Azure Sphere software development kit (SDK).

Visual Studio is not exclusive anymore to Windows. Microsoft open sourced a version of Visual Studio called Visual Studio Code, which is available for Linux.

The news was not surprising, Microsoft Azure team is is extremely pro-Linux and open source. Not only does Linux run on more than 50% Azure machines, the company has been using Linux to build components of cloud such as Azure Cloud Switch (ACS) and SONiC. None of these are distributed as Linux distro, but it’s about to change with Azure Sphere OS, which is a Linux distribution.

Since Sphere OS will be running on devices that will be shipped, can we safely say that Microsoft has literally become a Linux vendor?

Source: https://azure.microsoft.com/en-us/blog/introducing-microsoft-azure-sphere-secure-and-power-the-intelligent-edge/



Source link