Data Storage and Backup Security: How to Defend Against Ransomware
This is part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, Continuity Software CTO Doron Pinhas offers advice on how to defend against ransomware with data storage and backup security.
The cost of a single storage system breach could overwhelmingly exceed the investment in a storage security framework and controls.
Ransomware attacks are growing more frequent and intense for obvious reasons. CISOs and security teams are therefore expanding their frameworks to encompass storage and backup systems and adding controls specific to their unique needs. They do so because the more they define and enforce detailed security policies, the more they reduce their risk.
If you’re taking your first storage-security steps, we urgently recommend getting to know prominent storage & backup security guidelines and frameworks. Examples include the NIST Security Guidelines for Storage Infrastructure (published in 2020), ISO 27040 (published in 2015), and SNIA’s storage security publications.
Here are six strategies that infrastructure & security leaders must take to safeguard their data in storage and backup systems:
Data Storage and Backup Security
1. Steer a Culture that Breaks the Silos Between Security and Storage Teams
Security teams often lack a good understanding of storage & backup capabilities, protocols, and the attack surface. Storage teams often adopt a naïve approach to security. They assume it complicates storage management (somewhat true) and that security and performance are contradictory (valid years ago, much less so today). A good first step could be to perform a one-time audit for storage security.
2. Build Safeguards into Storage & Backup Security Processes and Practices
Start by creating secure storage designs, implementations, and management procedures. Walk yourselves through the storage lifecycle from technology inception through security updates and patches to retiring storage devices.
3. Raise Your Security Baseline
Raise it to include identity and access management controls that separate administration within and between different data-planes (such as primary storage, backup, and disaster recovery), business functions, and environments (such as production, development, and testing). You can bake security baselines, guidelines, and quality controls into your IT management DNA and apply them with every new storage initiative.
4. Deploy and Inventory Storage & Backup in Adherence with Baseline Security
5. Monitor and Measure Change Against Baselines 24/7
Do this to make sure you never deviate from them.
6. Expand Your Incident Response and Recovery Plan
Expand it to cover storage, using metrics on the likelihood and severity of incidents as they apply to your business. (Use available data to benchmark your environment against other organizations for reference.) Run tabletop exercises to decide how to recover from scenarios such as these:
- An attack wipes out a large storage array supporting thousands of servers, VMs, and operating system instances. The onslaught has erased your data and storage configurations. You must rebuild the array, create the LUNs, and remap them to those servers and data stores.
- A criminal hacker deletes your SAN settings, including zoning and masking. It took years to design and roll out those configurations. Now you must fall back on your documentation and backups. Do you have automation in place to recover quickly?
- An unidentified strain of ransomware targeting a zero-day vulnerability in SAN storage software has hit your storage plane. The ransomware targets primary storage and backups. You need to keep secure backups so you can recover once you stop the attack. You must defuse the malicious software as soon as possible.
Getting On the Storage Security Fast Track
If you ask us what the best thing to do as a starting point is, we’d say “easy!” Obviously, it’s to reach out to experts who can identify the “gaps”. They can map your infrastructure and conduct a one-time audit to get you on your way.
Then, understand that automation will be your new best friend for curtailing errors, costs, and person-hours. It’s best to bake automation into storage & backup security provisioning, validation, and auditing. Consider automation that validates your configurations against your security baselines.
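The kind of automation described above, sketched as an added example that is not from this column or any vendor: it checks an inventory snapshot against a per-data-plane baseline and flags admin accounts that span more than one data plane or environment. The setting names, device names, and accounts are constructed assumptions.

```python
from collections import defaultdict

# Constructed baseline; setting names are hypothetical, not any vendor's.
COMMON = {"mfa_required": True, "audit_log_forwarding": True}
BASELINE = {"primary": COMMON, "dr": COMMON,
            "backup": {**COMMON, "delete_needs_two_admins": True}}

# Constructed inventory snapshot (in practice, exported from each device).
INVENTORY = [
    {"name": "array-01", "plane": "primary", "env": "production",
     "admins": ["alice", "svc-storage"],
     "settings": {"mfa_required": True, "audit_log_forwarding": True}},
    {"name": "backup-01", "plane": "backup", "env": "production",
     "admins": ["bob", "svc-storage"],
     "settings": {"mfa_required": True, "audit_log_forwarding": False,
                  "delete_needs_two_admins": True}},
    {"name": "array-dev", "plane": "primary", "env": "development",
     "admins": ["alice"],
     "settings": {"mfa_required": False, "audit_log_forwarding": True}},
]

def baseline_drift(inventory, baseline):
    """Return (device, setting, expected, actual) for every deviation.
    A missing setting or an unknown data plane is reported, not skipped."""
    findings = []
    for dev in inventory:
        if dev["plane"] not in baseline:
            findings.append((dev["name"], "plane", "in baseline", dev["plane"]))
            continue
        for key, expected in sorted(baseline[dev["plane"]].items()):
            actual = dev["settings"].get(key)
            if actual != expected:
                findings.append((dev["name"], key, expected, actual))
    return findings

def admin_overlap(inventory):
    """Return {admin: scopes} for accounts that administer more than one
    (plane, env) scope, i.e. where administration is not separated."""
    scopes = defaultdict(set)
    for dev in inventory:
        for admin in dev["admins"]:
            scopes[admin].add((dev["plane"], dev["env"]))
    return {a: sorted(s) for a, s in scopes.items() if len(s) > 1}

if __name__ == "__main__":
    for finding in baseline_drift(INVENTORY, BASELINE):
        print("DRIFT", *finding)
    for admin, where in admin_overlap(INVENTORY).items():
        print("OVERLAP", admin, where)
```

Run on a schedule against fresh snapshots, any non-empty result is a deviation to investigate or an approved change to fold back into the baseline.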