fbpx
Doron Youngerwood

Analyzing The Security of Dell EMC Storage & Backup Systems – Four Highlights

  • April 4, 2022
  • 4 min read

About Continuity™

Continuity™ provides the industry’s ONLY storage & backup security solution, to help you protect your most valuable data.

Read more

In the first of its kind, Continuity published a new report that provides an analysis of the vulnerabilities and security misconfigurations of enterprise storage & backup systems. 

The analyzed data covers multiple storage & backup vendors and models, including Dell EMC, IBM, Hitachi Data Systems, Cisco, Brocade (Broadcom), NetApp, and others.   

In preparation of this report, thousands of discrete security misconfigurations were reviewed, allowing us to uncover recurring patterns and important security considerations many organizations fail to get right when managing storage. 

Key findings 

  1. 6,300 discrete security issues detected 
  2. An enterprise storage device has 15 vulnerabilities 
  3. Out of 15 vulnerabilities, 3 are high or critical risk 
  4. The most common types of vulnerabilities include  
    • Use of vulnerable protocols / protocol settings 
    • Unaddressed CVEs 
    • Access rights issues (over exposure) 
    • Insecure user management and authentication 
    • Insufficient logging 

We analyzed 423 enterprise storage systems – from the likes of Dell EMC, IBM, Hitachi Data Systems, Cisco, Brocade (Broadcom), NetApp, and others. 

We detected more than 6,300 discrete security issues, spanning more than 170 security principles that were not adequately followed. 

Somewhat surprising, we didn’t detect any significant correlation between the state of storage security maturity and industry.  

Although it is commonly accepted that certain industries, like financial services & banking, tend to have more mature security strategies, these insights show that the entire field of storage & backup security is overlooked.  

In addition to the five most common vulnerabilities above, there were three others, that were less frequent, but could lead to substantial data compromise if exploited. These include: 

  • Incorrect use of ransomware-protection features 
  • Undocumented and insecure API / CLI 
  • Vulnerabilities and oversight in storage software supply-chain management 

What’s the big deal ! 

Out of the three main IT infrastructure categories: ComputeNetwork, and Storage, the latter potentially holds the greatest value, both from the security and business perspectives.   

While compromise or loss of compute or network infrastructure could be highly disruptive, one imposed on storage & backup presents a completely different threat. 

If damage to data is sufficiently extensive, most organizations could sustain a devastating injury.  

Consider the position of a large bank if a coordinated attack succeeds in compromising current and long-term customer financial records (e.g., attacking both primary storage and its protective copies, such as snapshots, backup, and archived copies). 

It is therefore evident that the storage layer should be secured and hardened to a similar if not greater extent than that employed for compute and network.   

A comprehensive storage & backup security practice should cover the entire lifecycle of data.   

Given the growing evidence that new forms of malware and ransomware are specifically targeting storage and backup systems, we came to realize it would be valuable to research and compile an industry benchmark for the state of storage & backup security, to identify if common areas of weakness or oversight exist.   

Click here to download the full report. 

The full results of this research are included in this report. It is our hope that the findings could help organizations increase awareness to this important area, help identify gaps in existing plans, and provide insights based on community data.  

Recommendations   

One thing is clear. The state of enterprise storage & backup security is significantly lagging behind that of compute and network security.   

This is a significant gap that should be addressed as soon as possible; with growing sophistication of data-centric attacks, and with tightened regulations, the business implications of ineffective resolution could rapidly increase. 

Here are 3 simple steps to get you going: 

  • Determine if knowledge gaps exist in terms of storage & backup security, and build a plan to address them 
  • Improve your security program to address identified gaps 
  • Consider the use of automation to continually evaluate the status of storage & backup infrastructure security, in order to proactively address risks 

Click here to download the full report. 

Talk To An Expert

It’s time to automate the secure configuration of your storage & backup systems.

We use cookies to enable website functionality, understand the performance of our site, provide social media features, and serve more relevant content to you.
We may also place cookies on our and our partners’ behalf to help us deliver more targeted ads and assess the performance of these campaigns. You may review our Privacy Policy I Agree