Chief information security officers (CISOs), along with their staff, typically do not think about enterprise storage. The vast majority say that they think about edge protection, network protection, application protection, and the threat of data theft. They are rightfully interested in trusted execution technology, considering zero-trust architectures for infrastructure assurance and assessments for root of trust, such as validating firmware updates for all the cards that are in an enterprise’s servers. Against this backdrop of the multi-faceted nature of cybersecurity, many CISOs have never even thought about the security of enterprise storage.
As a result, enterprise storage is often left out of cybersecurity corporate strategies – much to the potential detriment of a comprehensive cybersecurity plan. Ignoring the security of enterprise storage is like leaving your house’s doors unlocked, even though you checked to be sure that you firmly secured all your windows. A gap exists when cyber storage resilience, including cyber detection on primary storage, is not incorporated into a comprehensive cybersecurity strategy.
The security of enterprise infrastructure needs to be comprehensive. IT leaders cannot afford for their enterprise storage to be a critical missing piece; it will cost them dearly in the long run, since the stakes continue to rise amid daunting threats. Not only has enterprise storage changed in recent years, but hackers and other cyber criminals have also evolved and become more sophisticated in finding and exploiting the weak points of storage security.
This is why ransomware and malware have become such an issue from an enterprise storage perspective. Enterprises have not done enough, in general, to secure their storage infrastructure, no matter whether they are using an all-on-premises storage environment or a hybrid cloud approach with a mix of on-prem and public cloud. Cyberattacks are forcing CISOs, as well as broader IT teams, to reconsider the role of enterprise storage in the landscape that cyber criminals are attacking. Storage can no longer be overlooked.
Here’s a simplified snapshot of what needs to be considered for an enterprise to build out the security of enterprise storage:
- Encrypting data at rest
- Encrypting data in flight
- Using immutable snapshots of data
- Being able to create a fenced forensic environment
- Using logical air gapping – local, remote, or both
- Being able to run cyber detection on primary storage
- Being able to execute rapid recovery of the last known good copy of data (nearly instantaneously and with guaranteed recovery times)
- Focusing on both primary storage and secondary storage (back-up)
IT leaders and CISOs need to think of enterprise storage as a mission-critical part of their overall enterprise cybersecurity strategy. An end-to-end approach needs to be taken to stay ahead of cybersecurity threats. This entails evaluating the relationship between cybersecurity, storage, and cyber resilience. Primary storage and secondary storage need to be protected.
Cyber criminals are extremely tricky. They can infiltrate an enterprise’s infrastructure and stay there, undetected, for months at a time. The average number of days it takes to identify and contain a data breach, according to security analysts, is 287 days. Intruders take advantage of the value of data by accessing critical enterprise storage resources and, in many cases, unleashing ransomware and malware, among other types of cyberattacks. They aren’t only attacking primary storage; they are also going after secondary storage.
They exploit the vulnerabilities of enterprises that have left both their primary storage infrastructure and their secondary/backup/disaster recovery storage exposed. If enterprises don’t encrypt their data, don’t replicate their data, and don’t encrypt their data when replicating it, these enterprises have effectively let intruders steal their back-up data, which is often close to their primary data.
All of this is indicative of a need in the enterprise market to modernize data protection capabilities to include a significant element of cyber storage resiliency. Every piece of an organization’s storage estate must be cyber resilient to ensure business continuity in the face of a cyberattack.
A cyber storage resilience solution is deemed effective when it provides guaranteed availability and fully scaled data restoration for business continuity. An enterprise’s cyber defense is only as good as the immutable nature of its data that can be recovered from a known good copy, how tight the air gapping is, how secure its forensic environment is, how fast the cyber recovery is, and the guarantees that stand behind those recovery times.
Immutable snapshots ensure that copies of data cannot be changed, altered, or deleted. Therefore, the integrity of the data is preserved. The next step is logical air gapping, which creates a gap between the source storage’s management capabilities and the immutable snapshots.
Fenced forensic environments are needed to provide a safe location to conduct forensic analysis of immutable snapshots. In them, a copy of the data is identified, which is free from malware or ransomware. Only then should it be restored to primary systems − once it is known to be safe. Regardless of the size of the dataset, the data must be recovered.
In addition, cyber detection is needed. It can essentially be used in two ways. One way is as an early warning system. You scan the immutable snapshots to see if there are indications of a cyber intrusion. You can choose what you want to scan. You don’t even have to scan the whole snapshot. In addition, you can scan databases of all types: files, volumes, workloads. It’s your decision. After you do the scan, if something comes back that looks strange, the automated cyber detection capability sends an email and creates an alert, providing an early warning signal.
The other way is for when your enterprise is attacked. In order to do a rapid recovery that will neutralize the effects of the cyberattack, you need a known good copy of the data. The last thing you want to do is recover immutable snapshots that have malware or ransomware hidden inside them. Before cyber detection, you would not necessarily know whether malware or ransomware was present.
In a forensic fenced environment, you can undertake cyber detection of the immutable snapshots to identify the known good copy of data – and this is done on primary storage. You no longer need to call the Oracle team or the SAP team to have them take a look at the data in the fenced area. You can do the scanning yourself in the fenced forensic environment through the storage platform with cyber detection capabilities. You can better manage the process of ensuring a known good copy of data that can then be recovered rapidly.
In summary, think of your enterprise storage as an essential part of your holistic corporate security strategy. This means that every possession in a company’s enterprise storage estate needs to be cyber resilient, designed to thwart ransomware, malware, internal cyber threats, and other potential attacks. Cybersecurity must go hand in hand with storage cyber resilience, which forms the basis for the security of enterprise storage.