The amount of data accessible across networks has been steadily growing, and along with the growth in quantity has come the data's lure to attackers. There are frequent reports of websites being attacked, either because data residing on servers is of interest to hackers, or because the hackers want to leave their mark: the electronic equivalent of graffiti.
Realizing the vulnerability of the data, some designs physically separate the data from the server. To access the data, the server sends a request to the storage system on which the data resides. Separated from external points, the storage system typically may only be accessed through the server: a direct attack on the storage system is not possible.
But such a solution overlooks a central weakness. Once the server itself has been compromised, the connection between the server and the storage system is an open door to hackers. With root access to the server, the data in the storage system are just as accessible as if they were stored within the server.
FIG. 1 illustrates this vulnerability. In FIG. 1, server 105 is coupled to storage system 110, which includes data (or document) 112. When a user on computer 115 wishes to access data 112, the user connects to server 105 across network 120 and requests data 112. (Note that computer 115 is not limited to any particular design, and may be a desktop or portable computer, an Internet appliance, a personal digital assistant (PDA), a wireless computer, or any other device capable of interacting with server 105 and receiving data 112.) Server 105 retrieves data 112 from storage system 110, and delivers it to computer 115.
But when a hacker uses computer 125 to hack into server 105 and compromise root access, the hacker gains superuser privileges. Since root access normally includes superuser privileges, the system is wide open to the hacker, who may access data 112 without any limitation.
A need remains for a way to provide data security that addresses these and other problems associated with the prior art.