A CISO's Practical Guide to Storage and Backup Ransomware Resiliency

Storage and Backup Ransomware Resilience

One thing is clear: the “business value” of data continues to grow, and data has become an organization’s primary intellectual property.

From a cyber risk perspective, attacks on data are the most prominent threats to organizations.

Regulators, cyber insurers, and auditors are paying more attention to the integrity, resilience, and recoverability of organizational data, not just to the IT infrastructure and systems that store it.

What impact does this have on the security of my storage and backup systems?

Just a few years ago, few CISOs thought storage and backups mattered. Today that is no longer the case.

Ransomware has pushed backup and recovery back onto the IT and corporate agenda.

Cybercriminals like Conti, Hive, and REvil target storage and backup systems to thwart restores.

Some ransomware (such as Locky and Crypto) now bypasses production systems entirely and targets backups directly.

This has forced organizations to reexamine potential holes in their safety nets by revising their storage, backup, and data recovery strategies.

CISO Perspective

We interviewed eight CISOs for insight into new storage, backup, and data protection methods. Here are some of the lessons learned.

Source: CISO Perspective: The Ever-Changing Role of Data and its Implications for Data Protection and Storage Security (Continuity)

CISOs are concerned about the rise of ransomware: not only the proliferation of attacks, but also their increasing sophistication. “Attackers have found this to be the single biggest determinant of whether a company will pay the ransom, so storage and backup environments are now under attack,” says George Yeapen, Group CIO (and former CISO) of Petrofac.

John Meakin (GlaxoSmithKline, BP, Standard Chartered and Deutsche Bank) believes: “Data encryption is important, but not sufficient to protect an organization’s core data. If an attacker finds a way into the storage system (because data encryption alone can’t stop them), they are free to cause serious damage by deleting and compromising petabytes of data, encrypted or not. This also includes snapshots and backups.”

Without proper storage, backup, and data recovery strategies, your organization has little chance of surviving a ransomware attack, even if you pay the ransom.

Shared Responsibility – CISO vs. Storage and Backup Vendors

Storage and backup vendors provide great tools for managing infrastructure availability and performance, but they don’t do the same for the security and configuration of those systems.

Some storage and backup vendors publish security best practice guides. However, implementing and monitoring security features and configurations is the responsibility of the organization’s security department.

Even so, many cyber resilience initiatives are underway. These include:

Current ransomware resilience initiatives for storage and backup:

Air-gapped data copy

Adding an air gap means separating backups from production data. This means that if your production environment is compromised, an attacker will not have immediate access to your backups.

You can also keep your storage accounts separate.

Storage snapshots and replication

Snapshots record the live state of your system in another location, whether on-premises or in the cloud. So, if ransomware gets into a production system, it has a good chance of being replicated into the copies.

Immutable storage and vaults

Immutable storage is the easiest way to protect your backup data. Data is stored in a WORM (Write Once Read Many) state and cannot be deleted for a pre-specified period of time.

The policy is set at the backup software or storage level and means that backups cannot be modified or encrypted.

Immutability helps remediate cyberthreats, but it doesn’t reliably prevent them.

Immutable storage can be “polluted”: hackers change the backup client’s configuration so that the stored data is gradually replaced with meaningless information. Additionally, once a hacker gains access to your storage system, they can easily erase your snapshots.

Manage your storage security posture

Storage security posture management solutions help you gain a complete picture of security risks in your storage and backup systems. They continuously scan these systems to automatically detect security misconfigurations and vulnerabilities.

They also prioritize risks by urgency and business impact, and provide remediation guidance.

4 steps to success

  1. Define a comprehensive security baseline for all components of storage and backup systems (NIST Special Publication 800-209, Security Guidelines for Storage Infrastructure, provides comprehensive recommendations for the secure deployment, configuration, and operation of storage and backup systems).
  2. Use automation to reduce your exposure to risk and significantly increase your agility when adapting to changing priorities. A storage security posture management (also known as storage vulnerability management) solution can go a long way toward mitigating this risk.
  3. Apply tighter controls and more comprehensive testing of storage and backup security and of the ability to recover from attacks. This not only increases reliability, but also helps identify key data assets that may not meet the required level of data protection.
  4. Include all aspects of storage and backup management, including key, often overlooked components such as Fibre Channel network devices, management consoles, and more.
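As an added illustration of steps 1 and 2 (not code from the article or from any vendor), the sketch below encodes a small baseline and checks a constructed backup inventory against it, covering the controls discussed above: account separation, immutability with a retention period, and who may delete snapshots. The schema, role names, and the 30-day retention value are assumptions.

```python
from dataclasses import dataclass

MIN_RETENTION_DAYS = 30                       # assumed baseline value
PRODUCTION_ROLES = {"prod-admin", "app-svc"}  # assumed role names
SEVERITY_ORDER = {"high": 0, "medium": 1}

@dataclass
class BackupTarget:                   # hypothetical schema, not a vendor format
    name: str
    account: str                      # account/tenant holding the backup copy
    production_account: str           # account running the protected workload
    worm_locked: bool                 # immutability (WORM) lock enabled
    retention_days: int               # period during which deletion is blocked
    snapshot_delete_roles: frozenset  # roles permitted to delete snapshots

def check_target(t):
    """Return (severity, rule, detail) findings for one backup target."""
    findings = []
    if t.account == t.production_account:
        findings.append(("high", "no-separation",
                         "backup copy shares the production account"))
    if not t.worm_locked:
        findings.append(("high", "not-immutable", "WORM lock is disabled"))
    elif t.retention_days < MIN_RETENTION_DAYS:
        findings.append(("medium", "short-retention",
                         f"{t.retention_days}d < {MIN_RETENTION_DAYS}d baseline"))
    exposed = sorted(t.snapshot_delete_roles & PRODUCTION_ROLES)
    if exposed:
        findings.append(("high", "snapshot-delete-exposed",
                         "production roles can delete snapshots: " + ", ".join(exposed)))
    return findings

def audit(targets):
    """Flatten findings across all targets, most urgent first."""
    rows = [(sev, t.name, rule, detail)
            for t in targets for sev, rule, detail in check_target(t)]
    return sorted(rows, key=lambda r: (SEVERITY_ORDER[r[0]], r[1], r[2]))

# Constructed sample inventory for illustration only.
INVENTORY = [
    BackupTarget("vault-a", "acct-backup", "acct-prod", True, 90, frozenset({"backup-admin"})),
    BackupTarget("nas-snap", "acct-prod", "acct-prod", False, 0, frozenset({"prod-admin", "backup-admin"})),
    BackupTarget("vault-b", "acct-backup", "acct-prod", True, 7, frozenset({"backup-admin"})),
]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print(*row, sep=" | ")
```

Running the same checks on a schedule and comparing the findings between runs shows configuration drift, such as a retention period being shortened or a lock being disabled.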

NIST Special Publication 800-209, Security Guidelines for Storage Infrastructure, provides an overview of the evolution of storage technology, recent security threats, and the risks they pose.

It contains a comprehensive set of recommendations for secure deployment, configuration, and operation of storage resources. These include protecting data and confidentiality using encryption, isolation, and guaranteed recovery.
