What is Direct-Attached Storage (DAS) Security?

Enterprise Storage Forum content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Direct-attached storage (DAS) security helps businesses protect the data stored on their flash drives, hard disk drives (HDDs), and arrays. 

DAS connects directly to computers and servers, commonly through the motherboard or a port, and supplies storage at rest to those business systems. DAS is beneficial because of its low transfer latencies, but it’s also subject to every vulnerability of the system to which it’s attached. DAS security protects both devices and connected computer systems from malicious software, theft, and outages.

What is DAS security?

How does DAS security work?

Rather than a category of software solutions sold to enterprises, DAS security is a set of procedures and protocols that small and medium businesses use to protect their direct-attached storage. These procedures include monitoring servers and computers with connected DAS devices, protecting office spaces and data centers, and configuring company networks securely.

While larger businesses and enterprises may also store data on directly attached hard drives and SSDs, traditional DAS doesn’t typically support the capacity and latencies required for large companies’ storage needs. However, all large enterprises that use DAS to store any company or customer data should also implement these protocols alongside any existing storage security technologies. 

Key components of DAS security

Protecting computers and servers 

Direct-attached storage is only as secure as the systems to which it is connected. Any risks or vulnerabilities faced by the connected computers or servers will also apply to the storage devices.

Examples of computer and server security include protecting passwords, continually monitoring server behavior, and securing internet connections. 

Setting strong passwords

Password protection includes storing passwords in a secure location, like a password management system. They shouldn’t be shared on paper or through email; all password sharing should be encrypted. 

Password protection also requires users to authenticate themselves with previously authorized credentials. IT teams can authorize credentials by whitelisting all approved users and blacklisting any other usernames and passwords. 

Monitoring all server traffic  

Effective server monitoring requires businesses to collect traffic data regularly and analyze it for anomalies. Strange behavior on the server could indicate a breach. Any malicious traffic on a server could also affect any direct-attached storage, endangering that data.    

Protecting Internet connections 

Additionally, if a computer or server that’s hosting DAS is connected to the public internet, it’s at risk from any website viruses or other malware. The attached storage device can also become infected with malware. If a drive like a USB becomes infected in one system and the business moves it to another server, that USB device has just infected a second system.

Securing physical premises 

Because direct-attached storage systems typically reside within a company office or data center, they’re some of the most vulnerable to physical damage or theft. DAS devices are small, which makes them relatively easy to steal or even lose. Protecting DAS looks like requiring credentials to enter data centers and offices. Additionally, storing devices and arrays in a secure location within the premises, like a server room, and giving a key to only a few trusted employees helps protect DAS. 

Another way to maintain physical device security is taking regular inventory. If a business has multiple arrays, external hard drives, or flash drives, it can count devices on a regular basis to ensure that none have been lost. If one has been lost or stolen, storage or security teams can identify that loss more quickly and work to mitigate it. 

Learn more about securing data centers and other office environments.

Securing all networks 

Network security is another component of protecting DAS systems. If DAS is connected to computers and servers either on the company network or the internet, it is vulnerable to network threats. These include misconfigurations, weak network protocols, and IP address spoofing. Protecting business networks includes technologies like firewalls, properly configuring routers and switches, and using HTTPS and other secure protocols.

Read more about tips for securing your enterprise’s network.

Backing up all storage systems

If data is stolen, a computer system goes down, or a segment of the network has an outage, businesses still need to access data. DAS backups allow teams to recover sensitive information or data that’s critical to business operations. 

Direct-attached storage is more difficult to entirely back up than networked storage, so businesses should keep in mind that backing up all of their DAS data may take time. However, it’s important that all important data have multiple copies.  

Another component of DAS backup is a disaster recovery (DR) plan, which lays out detailed instructions for businesses to follow in case a cybersecurity issue happens. DR plans should include DAS backup as well as backup planning for all other storage systems. 

Encrypting all DAS data 

Data at rest, stored in DAS systems, should be encrypted. Encryption scrambles information, and only a valid decryption key can unscramble it.

If other security precautions fail and an attacker steals a hard drive, SSD, or flash drive, they won’t be able to view the stored data while it’s encrypted. Adding a layer of encryption to a business storage security plan helps teams shield their proprietary and customer information even if it’s compromised. 

Read more about encrypting data at rest.

Training employees

Any well-laid security plan can fail if storage and IT personnel aren’t given clear guidelines for protecting direct-attached storage. Every employee that works with storage should receive thorough training that covers:

  • Phishing and social engineering attempts like suspicious links in emails
  • Data center security best practices like requiring credentials for entry
  • Computer and server access permissions

The more IT and storage teams discuss security protocols, the more awareness and accountability their business will have.

How to secure DAS

To prevent spreading malware through storage devices, purchase antivirus and malware scanning programs. These solutions will identify malware in DAS devices before they are moved to another server, which can also be infected.

Secure all company networks and internet connections, so DAS systems are less at risk from network misconfigurations, vulnerabilities, and threat actors. 

Prepare storage personnel and all other employees to meet data security requirements like storage and server privileged access. Each employee should know their access permissions, and their passwords should be stored cryptographically.

Be open with employees and encourage a culture of discussing security practices. Building a transparent company culture is one of the best ways to secure stored data. The more a business talks about protective measures and holds its employees accountable, the better security posture the organization will have overall. 

Read more about ways your business can protect its DAS systems.

Why DAS security is important

DAS security helps businesses:

  • Protect proprietary data: Often, businesses store files with proprietary data at rest on their DAS.
  • Protect customer data: Aside from being a general best practice, securing customer data is also required by some data protection regulations.

Third-party regulatory bodies won’t ignore DAS security either, according to Doron Pinhas, CTO of Continuity

“Organizations report that much closer attention has been paid to storage and backup security by than ever before,” Pinhas said. “According to a recent research report, more than two-thirds mentioned that auditors specifically reviewed their storage and backup systems security. 

“We’re expecting to see much stricter national and international guidance to organizations to tighten their data protection solutions and to avoid negotiating with criminals.”

Businesses are accountable to outside organizations as well as to their customers, and they are responsible for protecting the information stored within their DAS systems. 

Bottom line

Businesses use direct-attached storage systems to store proprietary information and customer data, and for both legal and practical purposes this data must be protected. Securing DAS systems requires not only protecting the devices themselves but also any connected computers and servers, the networks on which those machines operate, and the physical premises where DAS is stored.

There is no firm blueprint for DAS security; it’s not a platform that businesses can buy from security vendors. Securing DAS environments requires organizations to be both systematic and proactive: they must determine which security procedures are most critical based on their offices and data centers, technology, and personnel. Then they must prioritize and implement those procedures. A consistent, patient approach to monitoring storage systems and computing technology, training employees, and maintaining backups is one of the best ways to ensure DAS security. 

Jenna Phipps
Jenna Phipps
Jenna Phipps is a staff writer for Enterprise Storage Forum and eSecurity Planet, where she covers data storage, cybersecurity and the top software and hardware solutions in the storage industry. She’s also written about containerization and data management. Previously, she wrote for Webopedia. Jenna has a bachelor's degree in writing and lives in middle Tennessee.

Get the Free Newsletter!

Subscribe to Cloud Insider for top news, trends, and analysis.

Latest Articles

15 Software Defined Storage Best Practices

Software Defined Storage (SDS) enables the use of commodity storage hardware. Learn 15 best practices for SDS implementation.

What is Fibre Channel over Ethernet (FCoE)?

Fibre Channel Over Ethernet (FCoE) is the encapsulation and transmission of Fibre Channel (FC) frames over enhanced Ethernet networks, combining the advantages of Ethernet...

9 Types of Computer Memory Defined (With Use Cases)

Computer memory is a term for all of the types of data storage technology that a computer may use. Learn more about the X types of computer memory.