Developing a Threat Model for Enterprise Storage Area Networks

Abstract

The need for improved security has been widely recognized in the information technology industry, particularly for enterprise storage area networks (SANs). However, until recently there has been relatively little development of threat models which specifically address the unique requirements of these networks. In this paper, we present a method for quantifying risk, justifying security upgrade costs, and proactively assessing threats to an enterprise-class SAN. The threat model suggests that a centralized approach to security management based on the host processor may be more effective than a distributed approach based on the edge of the network. Examples of enterprise server security features developed to address these threats are discussed, along with performance results on host-based encryption and a roadmap for future security enhancements