Audit & Compliance for Storage & Backups

Compliance with Industry Standards and Regulatory Requirements

Many organizations must periodically verify that their IT systems comply with numerous industry standards and regulatory requirements. Some of those requirements require certain processes to be in place while others are about configuration settings.

While storage and backup systems are mission-critical IT infrastructure that must comply with requirements, they are extremely difficult to audit given the non-standard operating systems and unique subject matter expertise.

Interpreting requirements for every storage and backup technology is challenging since they each have their own unique terminology, feature set, limitations, command set and application programming interface.

In addition, cross-walking between the various standards and matching the numerous requirements is a hugely complex task.

NIST Guide for Storage Security

Download the recently published NIST Guide for Storage Security – co-authored by Continuity™.

This guide provides CISOs and Heads of Storage with an overview of the evolution of the storage technology landscape, current security threats, and a set of practical recommendations.

Download Paper

How StorageGuard Helps

StorageGuard enables organizations to verify your storage and backup systems adhere to various standards from NIST, PCI DSS, ISO, CIS Controls, AICPA TSC, HIPAA, NERC CIP, CSA Cloud Controls Matrix, SNIA, MITRE, NCSC Cyber Assessment Framework, FFIEC, and Singapore MAS TRM

Once compliance policies are enabled, a scheduled StorageGuard scan will connect to each storage and backup technology using the native APIs and CLIs to examine whether requirements are met or not

StorageGuard reports will provide users with Pass/Fail reports. When a compliance requirement is not met, StorageGuard will report as a finding that can be viewed within the StorageGuard or management as an incident or problem ticket in your ITSM solution, e.g., ServiceNow

StorageGuard will automatically identify when requirements such as multifactor authentication, encryption of data-at-rest and in-transit, audit logging and restricted access (and many others) are not met.

StorageGuard also performs the following required processes for storage and backup systems:

Secure configuration process (CIS, NIST baseline security): StorageGuard has out-of-the-box baseline policies by technology, and can automatically identify drifts from the baseline.
Authenticated vulnerability scan: StorageGuard has a continuously-updated catalog of storage and backup CVE vulnerabilities and detection plugins.
External assessment: StorageGuard offers an independent assessment of the security posture of Storage and Backup systems based on a vast knowledgebase of best practices and security guidelines
System inventory: StorageGuard provides a unified view of all storage & backup devices and software components, while automatically mapping storage arrays, storage switches, storage management software, backup clients and other components.

"Attackers are looking for identities and they're looking for your backups, to keep you from recovering. So you need to have governance and an active program to secure your storage and backup layers”

Marc Ashworth

CISO

“The hackers are after our data. In a bank, data is money. This is why I’m a big believer in securing the storage layer.”

Erdal Ozkaya

Former CISO

"Storage is where our core data is stored. And so, vulnerability management, configuration management, and ensuring a strong policy around the governance of all storage devices are absolutely critical."

Sunil Varkey

CTO

Talk To An Expert

Get in touch to see how you can detect, prioritize, and fix all security risks in your storage & backup systems.