{"id":5049,"date":"2022-11-01T15:35:23","date_gmt":"2022-11-01T19:35:23","guid":{"rendered":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/?p=5049"},"modified":"2022-11-04T11:58:36","modified_gmt":"2022-11-04T15:58:36","slug":"data-storage-and-backup-security-how-to-defend-against-ransomware","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/data-storage-and-backup-security-how-to-defend-against-ransomware\/","title":{"rendered":"Data Storage and Backup Security: How to Defend Against Ransomware"},"content":{"rendered":"

\"Data<\/p>\n

This is part of Solutions Review\u2019s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, Continuity Software<\/a> CTO Doron Pinhas offers advice on how to defend against ransomware with data storage and backup security.<\/em><\/strong><\/p>\n

\"\"The cost of a single storage system breach could overwhelmingly exceed the investment in a storage security framework and controls.<\/p>\n

Ransomware attacks are growing more frequent and intense for obvious reasons. CISOs and security teams, therefore, expand their framework to encompass storage<\/a><\/strong><\/span> and backup systems<\/a><\/strong><\/span> and add controls specific to their unique needs. They do it as the more they define and enforce detailed security policies, the more they reduce their risk.<\/p>\n

If you\u2019re taking your first storage-security steps, we urgently recommend getting to know prominent storage & backup security guidelines and frameworks. Examples include the NIST Security Guidelines for Storage Infrastructure<\/em><\/a> (published in 2020), ISO 27040 (published in 2015), and SNIA\u2019s storage security publications.<\/p>\n

Here are six strategies that infrastructure & security leaders must take to safeguard their data in storage and backup systems:<\/p>\n

\t\t\t

\"Download<\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n

Data Storage and Backup Security<\/strong><\/h2>\n
\n

1. Steer a Culture that Breaks the Silos Between Security and Storage Teams<\/strong><\/h3>\n

Security teams often lack a good understanding of storage & backup capabilities<\/a><\/strong><\/span>, protocols, and the attack surface. Storage teams often adopt a na\u00efve approach to security. They assume it complicates storage management (somewhat true) and that security and performance are contradictory (valid years ago, much less so today). A good first step could be to perform a one-time audit for storage security.<\/p>\n

2. Build Safeguards into Storage & Backup Security Processes and Practices<\/strong><\/h3>\n

Start by creating secure storage designs, implementations, and management procedures. Walk yourselves through the storage lifecycle from technology inception through security updates and patches to retiring storage devices.<\/p>\n

3. Raise Your Security Baseline<\/strong><\/h3>\n

To include identity and access management<\/a><\/strong><\/span> controls that separate administration within and between different data-planes (such as primary storage, backup, and disaster recovery<\/a><\/strong><\/span>), business functions, and environments (such as production, development, and testing). You can bake security baselines, guidelines, and quality controls into your IT management DNA and apply them with every new storage initiative.<\/p>\n

4. Deploy and Inventory Storage & Backup in Adherence with Baseline Security<\/strong><\/h3>\n

5. Monitor and Measure Change Against Baselines 24\/7<\/strong><\/h3>\n

To make sure you never deviate from them.<\/p>\n

5. Expand your Incident Response and Recovery Plan<\/strong><\/h3>\n

Expand it to cover the storage, using metrics on the likelihood and severity of incidents as they apply to your business. (Use available data to benchmark your environment against other organizations for reference.) Run tabletop exercises to decide how to recover from scenarios such as these:<\/p>\n