Continuity™ provides the industry’s ONLY storage & backup security solution, to help you protect your most valuable data.
Configuration drift happens when the configurations of storage & backup systems and software deviate from a baseline or standard configuration over time. When this happens, it can inadvertently introduce vulnerabilities into the systems, paving the way for breaches.
Such breaches can lead to loss of revenue, business disruption and damage to the reputation of the organization. Organizations stand to lose valuable data, as well, that they can’t necessarily replicate.
In addition, configuration drift can cause storage & backup systems to deviate from regulatory standards, inviting both security risks and legal repercussions, which include hefty fines and reputational damage.
Storage and backup system configurations change on a regular basis. So, it’s clear that staying on top of configuration drift and actively managing security misconfigurations can significantly mitigate these risks.
How To Identify Configuration Drifts?
There are three approaches to identifying configuration drifts when they occur.
The first method involves manually reviewing each production configuration and comparing it to the target baseline. This is very time-consuming and expensive.
During the test planning process, various spreadsheets that list all storage & backup hardware and software devices are brought together across the IT departments for comparison and reconciliation.
These include traditional storage services (e.g., block, file, and object storage), storage virtualization, storage architectures designed for virtualized server environments, backup appliances, backup software, and storage resources hosted in the cloud.
There are often large discrepancies between these different lists, which serve to compound the difficulty of the effort and miss configuration gaps entirely.
The second method to identifying configuration drifts involves developing custom scripts that run periodically to search for these gap “signatures” left by a configuration drift.
This works well, however, it is often limited to a few gaps, and each script typically looks for one gap. Their scripts only grow as more configuration drifts are discovered.
The problems with building your own custom scripts include:
Most configuration management vendors focus on host operating systems and web applications, and are unable to effectively communicate with the unique storage and backup technologies.
The one solution, purpose-built for storage & backup systems is StorageGuard.
StorageGuard audits the configuration of storage & backup systems, to ensure they’re hardened and not vulnerable. StorageGuard automatically detects configuration drift and unauthorized changes, while validating that all systems adhere to the required baseline.
StorageGuard contains over 2,000 built-in security configuration checks, supporting all leading storage and backup vendors such as Dell, Hitachi Vantara, IBM, Pure, NetApp, Rubrik, Cohesity, and many others.
These configuration checks cover a wide range of security categories such as:
Our checks repository is constantly updated based on the guidelines of leading security & industry standards, such as NIST, ISO/IEC, PCI DSS, CIS Control, FFIEC, SNIA, and more
StorageGuard helps you detect and track changes to the storage & backup security configurations on a daily basis, thereby helping to identify unplanned or incorrect changes that may put these systems at risk.
It’s time to automate the secure configuration of your storage & backup systems.