There is no longer a question as to whether large organizations need log management solutions. But as log management and analysis needs evolve, legacy products can't scale, accommodate uncommon log file formats, or provide the right level of real-time or historical analysis. These requirements are driving a transition to a new model called log management warehousing. Similar to "top-down" data warehousing, log management warehousing will evolve to become a centralized enterprise service over the next few years.
By far, the number one question users considering a move to cloud storage ask is whether or not their data will be secure. Storing data offsite doesn't change data security requirements; they are the same as those facing data stored onsite. Security should be based on business requirements for specific applications and data sets, no matter where the data is stored. Users evaluating cloud storage service providers should demand the same type of security controls they would in their own data centers with regard to physical security, data encryption, and network security.
To protect sensitive data, many storage vendors now offer encryption capabilities with their enterprise-class systems. In spite of increasing privacy legislation and an avalanche of publicly-disclosed data breaches, most large organizations believe their enterprise storage systems are relatively well-protected and thus continue to forego encryption. Some storage vendors are now proposing self-encrypting drives for another use case: data destruction. By deleting encryption keys, these vendors believe they can help enterprises automate data destruction processes. In theory, this is true—but ESG research demonstrates that, though key deletion for data destruction may have some niche market appeal, it is not a “killer app” for storage encryption across the broad enterprise market.
While laptop computers and other mobile devices offer significant benefits in terms of convenience and employee productivity, the loss or theft of a mobile system containing confidential information continues to be an all-too-real nightmare for security organizations. With confidential data increasingly distributed across disparate users and devices, IT departments must ensure that mobile computing devices, such as laptops, are protected by a comprehensive security strategy that includes full-disk and other encryption technologies.
Confidential data resides everywhere—from locked-down data centers to mobile devices—and is increasingly accessed by a wide range of constituents—from employees to contractors and business partners. How can CIOs and CISOs possibly secure confidential data when it is in a constant state of motion? The ESG “Outside-In” data security model seeks to put confidential data security in context by anchoring data security to risk metrics, categorizing risk zones, and recommending security controls. When properly and consistently applied, ESG believes that the “Outside-In” security model can help organizations improve confidential data security while making this data more productive for global network-based business processes.
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s information security service. With over 25 years of technology industry experience, Jon is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO's perspective and strategies. Recently, Jon has been an active participant with cybersecurity issues, legislation, and technology within the U.S. federal government.
© 2015 by The Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188