News
4/1/2008
08:12 PM
Terry Sweeney
Terry Sweeney
Commentary
50%
50%

Mission Creep And Storage

Anyone who has ever worked in an organization of, say, more than 50 people is aware of the phenomenon of mission-creep. It's always clear that it has occurred when the person whose initial job was ordering Post-its finds himself handling quality control, handling "external relations" (whatever that is), and traveling two-thirds of the time to make sure branch offices are using the right copying paper. Does any of this ring a bell for today's storage professionals?

Anyone who has ever worked in an organization of, say, more than 50 people is aware of the phenomenon of mission-creep. It's always clear that it has occurred when the person whose initial job was ordering Post-its finds himself handling quality control, handling "external relations" (whatever that is), and traveling two-thirds of the time to make sure branch offices are using the right copying paper. Does any of this ring a bell for today's storage professionals?Storage analyst Charles King calls attention to the new complexities storage managers face in the wake of networked storage, virtualization, and other centralizing technologies that do away with direct-attached or isolated storage gear.

Yeah, storage has become more than handling daily and weekly backups. State and federal laws concerning data privacy and preservation have turned storage pros into legal scholars, archivists, and enforcement specialists.

Handling tape rotation is a far cry from deciding how long untouched data remains on a server. Selecting a SAN vendor may look like a cakewalk after setting up corporate policies that decide who gets access to what data, and when. And IT is no longer defined by 18-month projects where it makes sure manufacturing has all the capacity it needs -- it's working more frequently as a team in a centralized data center, looking at the business and its challenges a little more holistically.

I've bloviated before about the demise of the specialist, and I'm not so sure that it's a bad thing. In this day and age when this index has crashed or that price peaks anew, it seems like someone with intimate knowledge of the business and the technical wherewithal to address its thorniest issues might have more job security (and make more money) than the guy who swaps out tapes every night.

Or buys the Post-its.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.