Storage area network (SAN) security is the set of measures a company takes to protect the data contained within devices on its storage network.
Threat actors like ransomware groups target storage networks because the data stored within is valuable to the enterprise, and a breach can financially benefit hackers while destroying the company’s reputation. SAN security measures help a company regain control over its sensitive information, including customer data that must be protected. The sections below cover what SAN security is, its types, and its key features.
What is SAN security?
SAN security explained
Storage area network security protects a company’s network of hard disk drives (HDDs), solid-state drives (SSDs), redundant array of independent disks (RAID) storage, and servers. It includes components like proper network configuration, access controls, and encryption.
Storage area networks connect physical storage devices in a logical pool, so data stored on the devices is all accessible to an application or user. SANs are beneficial, because they pull together data from multiple geographic locations. If an enterprise has flash arrays in two data centers, one in Scotland and one in New Zealand, they may need their CRM software to access customer data stored on devices in both data centers. SANs make that possible.
Because enterprise storage networks can contain sensitive company information and personal customer data, they’re important to secure. A SAN might access data from tens or hundreds of storage devices.
Enterprises are required to comply with different data protection and data privacy regulations, too. If a governing body discovers that they didn’t take basic steps to secure their SAN, the body could rule them guilty of a breach. Potential consequences include fees and loss of reputation. Often, businesses are required to disclose a data breach to their customers if it affects them.
SAN security applies to both IP and Fibre Channel networks. The IP-based protocol iSCSI uses TCP/IP to transmit data, which gives it the flexibility to run on multiple networks but also makes it vulnerable. IP-based networks are subject to IP address spoofing and denial of service (DoS) attacks, among other threats.
Although Fibre Channel is generally considered to be more secure, it still requires security measures. If a Fibre Channel network connects to an IP network, it is subject to IP vulnerabilities as well. And FC networks should still have stringent access controls.
Because data is stored within storage networks, SANs are automatically a target, according to Peter Skovrup, VP of product management for FlashArray at Pure Storage.
“Attempts to tamper with or corrupt the integrity of the data are the number one form of attack,” Skovrup said. “Cybersecurity threats for SANs are typically specific to host/server vectors, where storage volumes are vulnerable to attack from ransomware. As such, this is typically the focus in most enterprise security efforts.”
SANs help companies consolidate their storage management by allowing them to apply the same policies for multiple devices and arrays in different locations. But for that storage to be secure, enterprises must apply consistent security measures to the entire network, too.
Types of SAN security
Physical SAN security
Physical elements of a SAN include the enterprise’s premises, their storage devices, and any network switches, routers, and other hardware.
Storage area networks include physical network switches and connect to physical storage systems. Those network components, hard drives, and flash arrays must be protected, too.
Physical protection includes requiring sufficient credentials for entry into any facility that holds devices on a storage network, any network hardware, or any computer that can access the SAN. All storage managers or admins should be vetted and receive background checks before receiving access to any storage solutions on the SAN.
Digital SAN security
Access controls should be implemented at every level of the SAN as well as at every entry point. Zero-trust security is a key approach here: it requires users to verify themselves before each session. Rather than letting users move laterally through the network once they’ve accessed the SAN, it requires credentials for each individual application.
Companies should ideally have a central management console for their SAN, so they can monitor switches and other hardware, apply consistent policies, and view potential incidents. Enterprise SAN software requires close watching for abnormal behavior, like network usage at strange times or an unnatural number of access requests.
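The two signals named above, access at strange times and an unusual number of requests, can be checked with a few lines of log analysis. The following is an added example, not code from any SAN product; the log format, host and volume names, business-hours window, and per-hour threshold are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed sample records: timestamp, initiator host, target volume, operation.
SAMPLE_LOG = """\
2024-03-04T09:15:02 host-crm-01 vol-customers READ
2024-03-04T10:41:37 host-crm-01 vol-customers WRITE
2024-03-05T02:47:10 host-backup-02 vol-finance READ
2024-03-05T14:01:05 host-app-07 vol-customers READ
2024-03-05T14:01:09 host-app-07 vol-customers READ
2024-03-05T14:01:12 host-app-07 vol-customers WRITE
2024-03-05T14:01:15 host-app-07 vol-customers WRITE
2024-03-05T14:01:19 host-app-07 vol-customers WRITE
2024-03-05T14:01:22 host-app-07 vol-customers WRITE
truncated-record host-app-07
"""

BUSINESS_HOURS = range(7, 19)   # assumed window: 07:00 to 18:59, Monday to Friday
MAX_REQUESTS_PER_HOUR = 5       # assumed threshold, tuned to the sample above


def parse(log_text):
    """Yield (timestamp, host, volume, op); malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3]


def find_anomalies(log_text, hours=BUSINESS_HOURS, max_per_hour=MAX_REQUESTS_PER_HOUR):
    """Return (off_hours_accesses, request_bursts) found in the log."""
    off_hours, per_bucket = [], Counter()
    for ts, host, volume, _op in parse(log_text):
        # Signal 1: access outside the expected working window.
        if ts.hour not in hours or ts.weekday() >= 5:
            off_hours.append((ts.isoformat(), host, volume))
        # Signal 2: count requests per host per clock hour.
        per_bucket[(host, ts.replace(minute=0, second=0, microsecond=0))] += 1
    bursts = sorted((host, bucket.isoformat(), n)
                    for (host, bucket), n in per_bucket.items() if n > max_per_hour)
    return off_hours, bursts


if __name__ == "__main__":
    print(find_anomalies(SAMPLE_LOG))
```

In practice the window and threshold would be set per host from observed baselines, since a backup server legitimately works at night.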
SAN data recovery
Aside from preventative security, businesses should also develop a data recovery strategy in case an incident or cyberattack does occur. Keep in mind, however, that recovery is difficult to accomplish quickly, according to Mike Peavley, SVP of Global Services at data management company Panzura.
“SANs face a particular challenge not in the defense against ransomware, but in the recovery,” Peavley said. “Even with a recent and clean backup, restoring even a moderate-sized enterprise SAN can take weeks. That can easily bankrupt any modern company that relies on their data to do business.”
Since recovery is such a significant challenge, enterprise teams should create detailed plans in case a ransomware attack or other breach occurs. They must know exactly how much downtime they can afford before the business loses money. If the standard recovery timeline for a SAN is longer than the company’s recovery time objective (RTO), the business risks considerable financial loss.
Features of SAN security
Some key features of SAN security include:
- Access controls: Network access controls limit users’ ability to view and edit configurations as well as the data stored on the SAN.
- Digital certificates: Switches that join a SAN should be authenticated through a digital certificate before being permitted on the network.
- Network protocols: Protocols like Secure Sockets Layer (SSL) help companies protect their SANs that are connected to the internet. Other protocols include Secure File Transfer Protocol (SFTP) and Simple Network Management Protocol (SNMP).
Because of the sheer volume of enterprise data that SANs store and their interconnected nature, businesses should take careful measures to secure their SANs. These include implementing secure network protocols and setting strict company-wide access controls. Although SAN environments are difficult to fully secure, it’s a worthwhile endeavor for enterprises that want to steward and protect their data.