Storage area networks (SANs) connect multiple storage devices and systems, including geographically distributed ones, and allow storage pros to access data from many stores, which all need to be protected. Securing stored data across a SAN helps protect an enterprise’s financial position, compliance status, and reputation.
Protecting a variety of storage solutions, guarding against ransomware attacks, complying with regulations, and preparing for new technologies are some of the reasons to secure an enterprise’s SAN. See below to learn all about the significance of securing storage area networks as part of a company’s overall network security posture:
Why SAN security is critical
- Why is SAN security important?
- Storage area network technology issues and risks
- Protecting your SAN from security issues
Why is SAN security important?
Multiple storage solutions
Because a SAN permits access to more than one storage device, array, or application, a cyberattack can compromise all those storage systems rather than just one. The more sources of data in a SAN, the more data can be compromised in a single attack. Enterprises should particularly focus on SAN security if they connect the bulk of their storage solutions through a Fibre Channel or IP network.
Mission-critical data
Often, enterprise SANs store some of the company’s most important or sensitive data. Although backups do help enterprises recover critical information in some cases, they’re not always sufficient to avoid losing revenue, according to Jonathan Halstuch, co-founder and CTO, Racktop Systems.
“This data is often referred to as tier-0 or tier-1 data and is vital to providing services for the enterprise and its customers,” Halstuch said.
“So it is important that it is available and protected against unauthorized access that could destroy data on the SAN or make the SAN unavailable. Even if an organization has backups, it could take a long time to recover from backups, and this would lead to downtime. Depending on the industry, this downtime could mean lost revenue or in the case of health care, excess deaths.”
Companies should make it clear to all relevant stakeholders which data is mission critical for business operations. Although all data needs to be protected, it’s still good to know which data is absolutely essential for standard business procedures to run smoothly.
Increased ransomware attacks and other cyberthreats
Storage area networks are susceptible to attacks like any other part of IT infrastructure. For a SAN to be secure, employees need to know about attacks, such as ransomware, according to Ryan Mitchell, senior director of the enterprise integration group at HPE Storage.
“One of the biggest ways these attacks happen is social engineering or phishing attacks, not a lack of proper patching or updates,” Mitchell said.
“This means that in addition to having preventative security controls and automated recovery processes, SAN and storage network security depends on educating users on potential threats and creating a security culture within the organization.”
Although proper configuration and network updates are still critical, they aren’t the only focus area for storage network admins. Developing a security culture requires businesses to make company-wide cybersecurity knowledge a top priority. Frequently training employees to recognize social engineering attempts prepares them to avoid engaging with threat actors, but it also engenders a culture of transparency within the business. Teams that know exactly what cyberattacks look like and talk about them frequently can keep each other accountable when they’re tempted to break an internal security rule.
Regulatory compliance stance
Most regulatory standards for data protection have stringent requirements for data access, and some require compliance leaders to know exactly who can access each system on a SAN. This is challenging for enterprises, because SANs can be extensive. However, it’s critical for businesses and storage teams to know which individuals can see customer data. If they aren’t able to provide properly completed audits reporting enterprise-wide data access, their organization may be subject to a fine through laws like PCI-DSS, which requires companies to monitor system access.
Development of NVMe technology
Adding business cybersecurity procedures is important for Non-Volatile Memory Express over Fabrics (NVMe-oF) networks. Because NVMe permits direct network communication between NVMe storage devices, it’s a form of high-speed storage network that has the potential to change data centers and entire storage infrastructures. However, it needs protection, according to James Kwon, senior director of product management for ONTAP at NetApp.
“As enterprise SANs move from FC to Ethernet for accessing remote or cloud endpoints, those SANs will transit public networks,” Kwon said.
“So security becomes more important, and it’s critical to take steps beyond the typical security practices. This is especially relevant as more customers adopt NVMe-oF technologies.”
Although NVMe-oF hasn’t been widely adopted by enterprise storage teams, businesses should prepare for those implementations. Security for NVMe technologies should begin now, before widespread adoption.
Storage area network security issues and risks
Physical threats to data
It’s not just applications and networks that need to be secured. Although physical threats to SANs are common, they don’t get as much attention, according to Bruce Kornfeld, chief marketing and product officer at StorMagic.
“The internet, cloud, and applications get a lot of media attention, but what happens down at the storage level? When IT teams dispose of disk drives, if data is not encrypted, the process to destroy data is very complicated, time consuming, and expensive,” Kornfeld said.
“Another use case is theft, particularly at the edge. In these smaller sites, physical building security is quite lax, and it is fairly easy for an intruder to get access to the storage and simply steal it.”
Encrypting hardware and the SAN in general helps prevent data loss in these environments, Kornfeld said.
Network configuration and protocol vulnerabilities
Often, networks like SANs require users to be authorized, but they don’t require them to provide authentication. Attacks that exploit a lack of appropriate authentication protocols are often easy for threat actors to carry out.
When an enterprise team identifies all the points on its network that need to be gated, it can more effectively set authentication protocols that provide access only to those who prove their right to use it.
Lateral movement
Users shouldn’t only be required to provide authentication once — they should provide their credentials to access every storage solution on the network. Because SANs are used to access so many storage solutions, they’re an easy target for attackers who laterally move through the network. Lateral movement occurs when a hacker gains access to one system and is able to move to a connected one on the network because of other stolen credentials or insufficient access controls.
Michael Brown, system administrator at Discourse, emphasizes this. Although technology like SANs is convenient, it also poses dangers.
“Centralized storage has benefits for enterprise IT admins, but with all storage behind a single administrative interface, it becomes a lucrative target for advanced persistent threats (APTs) and ransomware operators,” Brown said.
“Access to centralized storage gives an attacker everything. A lateral move from servers to SANs, whether due to shared credentials or logging into the management interface from a compromised computer, must be guarded against at all costs.”
Protecting your SAN from security issues
Authentication is critical for enterprises implementing SANs or just beginning the process of securing their storage networks. Each system entry point should be gated, and ideally, a client should be required to verify its identity at each entry point on the network. Frequent authentication protects the data stored within and helps businesses better track who is allowed access to each individual application or database. A zero trust architecture, for instance, is one of the most secure types of storage infrastructure.
Enterprises that store either customer data or sensitive business data on their SAN are responsible for protecting their databases, virtualized environments, flash arrays, and private cloud storage solutions. Although beginning that process isn’t easy, it’s of utmost importance for storage networks, so a business can be compliant, secure, and confident in storing its data.
To learn how to implement enterprise SAN security, read Storage Area Network (SAN) Security Best Practices next.