Continuity™ provides the industry’s ONLY storage & backup security solution, to help you protect your most valuable data.
|In a nutshell|
• The practice of data encryption helps ensure no one can read your data if a storage disk is lost, misplaced or stolen.
• The practice of storage security helps ensure attackers cannot compromise central storage systems by exploiting vulnerabilities, misconfigurations, or weak security settings, or by deploying malware.
Today’s hackers find data storage systems attractive – and for good reasons. First, storage systems hold the enterprise’s most sensitive information, which makes a successful attack very promising for lucrative crimes, including ransom attacks, fraud, user identity theft, and more.
Second, infosec teams often neglect their storage – as well as backup – systems, mistakenly thinking that data protection also covers storage/backup, thereby leaving an opening that hackers are happy to exploit.
Yes, the game is on. Infosec teams overlook specific loopholes, hackers joyfully take their turns, the industry offers a remedy, and hackers go looking for gaps elsewhere…
To understand what storage is, let’s start by defining data. Data is the information we store for processing and movement purposes. Ok, sounds simple enough.
Data is an integral part of various technologies and devices, including mobile, desktop, applications (such as Outlook, Slack, SAP), databases, servers, and more.
Storage systems are centralized repositories used to hold, share, and manage different business-critical data elements.
Storage systems – whether on-premises, cloud-based or hybrid – can typically manage data at a large scale for an appropriate number of users.
And let’s not forget backup systems.
Backup systems help organizations create copies of data that can be recovered in the event of an attack or outage.
You might say that data is the jewel resting inside the safe that is the storage system.
And the backup is a secret time machine that is used to bring the jewel back if it disappears!
Now that we’ve (hopefully) clearly explained what data and storage are, let’s move on to the difference in security measures.
Data security is meant to protect valuable data, and there are different procedures, standards, and technologies to choose from. The goal is to ensure that only authorized parties can access and use the data and that its integrity is maintained at any given moment.
Examples of data security solutions include malware detection and prevention, firewall network security solutions, intrusion detection, data privilege, access management, and more.
Storage security, however, is meant to protect the central systems and prevent any unauthorized parties from accessing the system and its vast data volumes.
Infosec teams have different strategies for safeguarding their storage and backup systems.
Multiple aspects make up storage security, including constant identification, assessment, and protection of operating systems, applications, devices, plugins, and other data storage arenas. These are not covered by traditional data protection solutions.
Remember our analogy? Our precious jewel (data) is not only resting inside the safe (storage), but should also be kept at the perfect temperature and conditions to maintain its qualities and value. In other words, the safe itself can protect or ruin the jewel. The storage safe uses multiple complex passwords and authentication mechanisms to keep the jewel safe and sound.
The importance of data encryption is not to be underestimated. This critical security measure helps keep sensitive information safe when it is stored on a hard disk that anyone can access (for example).
As important as it may be, encryption is hardly enough to protect from storage attacks. If hackers find their way into a storage system (as data encryption alone won’t prevent them from doing so), they are free to cause severe damage by deleting and compromising petabytes of data – whether they’re encrypted or not.
Hackers can corrupt the data, make them inaccessible, and apply ransomware.
Let’s go back to the safe analogy we previously mentioned. If you never changed the default code when you bought the safe in the store – e.g. “1234” – then the jewel that’s stored inside is at risk of theft.
In other words, placing your jewel in the safe doesn’t prevent anyone from exploiting the safe’s vulnerabilities and misconfigurations, in order to steal the jewel.
Let’s also remember the importance of securing your backup systems, because when the jewel is stolen or damaged, the backup is your ONLY way of getting it back!
Start by understanding the chances of hackers infiltrating your storage systems, and the potential damage they might cause as a result.
Understanding the risk is the first step towards a solution; read more about it in this Storage Security Handbook.
How big is the risk in today’s reality? Fedor Sinitsyn said that “This year alone we have already detected several new ransomware families focused solely on NAS (Network-attached storage). This trend is unlikely to fade.”
In fact, Gartner goes a step further and recommends “hardening the components of enterprise backup and recovery infrastructure against attacks by routinely examining the backup application, storage, and network access and comparing this against expected or baseline activity
Here are just a few incidents that were covered by the media:
These examples are just a few out of many. In fact, we’ve reviewed thousands of misconfiguration incidents when putting together this State of Storage Security Report.
Enterprises may want to quantify the risk (probability) and the potential harm of such an attack, which is why we’ve created this video that simulates ransomware attacks on storage systems.
Keep in mind that data that’s breached at the end-user device or server level is typically less harmful. When the organization’s storage systems are compromised, it can reach petabytes of data. One storage system serving hundreds and even thousands of servers and virtual machines can easily cripple the entire system and impact the recovery path.
Typical sizing of data stored on system
No single tech solution offers both data and storage protection. There are separate technologies for each.
Data protection solutions cover malware detection, firewall, intrusion detection, data discovery and classification, access control and privilege management, and more.
Storage security ones, on the other hand, include vulnerability management, configuration management, storage security posture management, and cyberstorage (a new addition to Gartner’s recent Hype Cycle for Storage and Data Protection Technologies report).
Eventually, it’s critical to have comprehensive protection not just for the data but also for the storage that stores the bulk of an enterprise’s data.
Is on-premises storage more secure than the cloud? Many executives we encounter are debating whether it’s safer to store their data in the cloud or on-premises, and there are advantages and disadvantages to each approach. Dell Technologies CEO Michael Dell famously said that “the public cloud is no more or less secured than on-premise”. Food for thought.
Get in touch to see how you can detect, prioritize, and fix all security risks in your storage & backup systems.