Storage area network (SAN) security encompasses all the measures a company takes to protect the data contained within storage devices on their network.
Threat actors like ransomware groups target storage networks because the data stored within is valuable to the enterprise, and a breach can financially benefit hackers while destroying the company’s reputation. SAN security measures help a company regain control over their sensitive information, including both proprietary and customer data that must be protected.
What is SAN security?
SAN security explained
Storage area network security protects a company’s network of hard disk drives (HDDs), solid-state drives (SSDs), redundant array of independent disks (RAID) storage, and servers. It includes components like proper network configuration, access controls, and encryption.
Storage area networks connect physical storage devices in a logical pool, so all the data stored on the devices is accessible to an application or user. SANs are beneficial because they pull together data from multiple geographic locations. If an enterprise has flash arrays in two data centers, one in Scotland and one in New Zealand, they may need their CRM software to access customer data stored on devices in both data centers. SANs make that possible.
Because enterprise storage networks can contain sensitive company information and personal customer data, they’re important to secure. A SAN might access data from tens or hundreds of storage devices.
Enterprises are required to comply with different data protection and data privacy regulations, too. If a governing body discovers that they didn’t take basic steps to secure their SAN, the body could rule them guilty of a breach. Potential consequences include fees and loss of reputation. Often, businesses are required to disclose a data breach to their customers if it affects them.
SAN security applies to both IP and Fibre Channel networks:
- The IP-based protocol iSCSI uses TCP/IP to transmit data, which gives it the flexibility to run on multiple networks but also makes it a vulnerable protocol.
- IP-based networks are subject to IP address spoofing and denial of service (DoS) attacks, among other threats.
- Although Fibre Channel is generally considered to be more secure, it still requires security measures.
- If a Fibre Channel network connects to an IP network, it is subject to IP vulnerabilities as well.
- Like all networks, FC networks should still have stringent access controls.
SANs are an automatic attack target
Because data is stored within storage networks, SANs are automatically a target, according to Peter Skovrup, VP of product management for FlashArray at Pure Storage.
“Attempts to tamper with or corrupt the integrity of the data are the number one form of attack,” Skovrup said. “Cybersecurity threats for SANs are typically specific to host/server vectors, where storage volumes are vulnerable to attack from ransomware. As such, this is typically the focus in most enterprise security efforts.”
SANs help companies consolidate their storage management by allowing them to apply the same policies for multiple devices and arrays in different locations. But for that storage to be secure, enterprises must apply consistent security measures to the entire network, too.
Types of SAN security
Organizations will use multiple types of SAN security to secure both the physical and the digital parts of a network. For example, hardware like routers needs to be secured, but so do network management consoles. True SAN security encompasses all parts of a storage infrastructure, including data recovery in case an attack is successful.
Physical SAN security
Physical elements of a SAN include the enterprise’s premises, its storage devices, and any network switches, routers, and other hardware.
Storage area networks include physical network switches and connect to physical storage systems. Those network components, hard drives, and flash arrays must be protected, too.
Physical protection includes requiring sufficient credentials for entry into any facility that holds devices on a storage network, any network hardware, or any computer that can access the SAN. All storage managers or admins should be vetted and receive background checks before receiving access to any storage solutions on the SAN.
Digital SAN security
Access controls should be implemented at every level of the SAN as well as at every entry point. Zero-trust security is a key technology here: it’s an approach to network security that requires users to verify themselves before each session. Rather than leaving users to laterally move through the network, roaming as soon as they’ve accessed the SAN, it requires credentials for each individual application.
Companies should ideally have a central management console for their SAN, so they can monitor switches and other hardware, apply consistent policies, and view potential incidents. Enterprise SAN software requires close watching for abnormal behavior, like network usage at strange times or an unnatural number of access requests.
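The two signals named above, activity at strange times and an unusual number of access requests, can be checked over SAN access records as in the following added example (not code from the original article or from any vendor). The log format, host names, business hours, allowlist, and threshold are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed policy values; tune them to the environment's real baseline.
BUSINESS_HOURS = range(7, 19)        # 07:00-18:59 local time
OFF_HOURS_ALLOWED = {"bkp-srv02"}    # hosts expected to run at night
MAX_REQUESTS_PER_MINUTE = 3          # per host

# Constructed sample records in a made-up "key=value" audit format.
SAMPLE_LOG = """\
2024-03-04T09:15:02 host=crm-app01 action=read volume=vol-cust-01
2024-03-04T10:41:37 host=crm-app01 action=write volume=vol-cust-01
2024-03-04T23:30:00 host=bkp-srv02 action=read volume=vol-cust-02
2024-03-05T02:13:41 host=hr-ws17 action=read volume=vol-cust-01
2024-03-05T02:13:44 host=hr-ws17 action=write volume=vol-cust-01
2024-03-05T02:13:47 host=hr-ws17 action=write volume=vol-cust-02
2024-03-05T02:13:52 host=hr-ws17 action=write volume=vol-cust-03
2024-03-05T02:13:58 host=hr-ws17 action=write volume=vol-cust-04
not a log line
"""

LINE_RE = re.compile(r"^(\S+) host=(\S+) action=(\S+) volume=(\S+)$")

def parse(log_text):
    """Yield (timestamp, host, action, volume); skip malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, host, action, volume = m.groups()
            yield datetime.fromisoformat(ts), host, action, volume

def find_anomalies(log_text):
    """Return hosts active off-hours and (host, minute) request bursts."""
    off_hours, per_minute = set(), Counter()
    for ts, host, _action, _volume in parse(log_text):
        if ts.hour not in BUSINESS_HOURS and host not in OFF_HOURS_ALLOWED:
            off_hours.add(host)
        per_minute[(host, ts.strftime("%Y-%m-%dT%H:%M"))] += 1
    bursts = {k: n for k, n in per_minute.items() if n > MAX_REQUESTS_PER_MINUTE}
    return {"off_hours_hosts": sorted(off_hours), "bursts": bursts}

if __name__ == "__main__":
    result = find_anomalies(SAMPLE_LOG)
    print("Off-hours activity:", result["off_hours_hosts"])
    for (host, minute), count in result["bursts"].items():
        print(f"Burst: {host} made {count} requests during {minute}")
```

The backup server is allowlisted for night-time reads, so only the workstation that writes to several volumes within one minute at 02:13 is flagged on both signals.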
SAN data recovery
Aside from preventative security, businesses also need a data recovery strategy if an incident or cyberattack does occur. Keep in mind, however, that this is difficult to quickly accomplish, according to Mike Peavley, SVP of Global Services at data management company Panzura.
“SANs face a particular challenge not in the defense against ransomware, but in the recovery,” Peavley said. “Even with a recent and clean backup, restoring even a moderate-sized enterprise SAN can take weeks. That can easily bankrupt any modern company that relies on their data to do business.”
Since recovery is such a significant challenge, enterprise teams should create detailed plans in case a ransomware attack or other breach occurs. They must know exactly how much downtime they can afford before the business loses money. If the standard recovery timeline for a SAN is longer than the company’s recovery time objective (RTO), the business risks considerable financial loss.
Key components of SAN security
Maintaining SAN security requires businesses to use safe network protocols, authenticate both users and SAN technology, and back up their storage environments. These technologies not only ensure that the right people are using the right protocols, but also that there’s additional protection if a storage network is compromised.
Network access controls limit users’ ability to view and edit configurations as well as the data stored on the SAN. By restricting network administration privileges to those who absolutely need them to do their job, IT and storage teams reduce the opportunity for unauthorized access, credential theft, and insider misbehavior.
Switches that join a SAN should be authenticated through a digital certificate before being permitted on the network. This reduces the chance for switch spoofing attacks, which disguise a malicious system as a legitimate network switch.
Protocols like Secure Sockets Layer (SSL) help companies protect their SANs that are connected to the internet. Other protocols include Secure File Transfer Protocol (SFTP), which uses encryption to secure file transfers, and Simple Network Management Protocol (SNMP), which helps monitor network device behavior.
In case other security practices fail or the business undergoes an outage, all data on a SAN should be backed up. Organizations should also store backups securely. For example, all copies of backed-up data should be encrypted, and at least two should be stored in two different physical locations in case one is damaged.
Every employee in the organization whose work affects networks, storage systems, or any IT procedures should receive cybersecurity training. This includes, but is not limited to:
- Social engineering awareness (like suspicious links in emails and text messages)
- Bring your own device (BYOD) and shadow IT policies
- Physical premises security (such as key cards or security guards)
The more IT and storage teams speak about security threats and vulnerabilities, the more they will cultivate a team culture of transparency. This decreases the number of opportunities to slack on security or even perform insider data theft.
Because of the sheer volume of enterprise data that SANs store, businesses should take careful measures to secure their SANs. Storage networks’ interconnected nature means that once one storage device or array has been breached, the other ones are also at risk.
Necessary SAN security practices include implementing secure network protocols, setting strict company-wide access controls, and training all storage, IT, and networking personnel. Although securing SAN environments is difficult, it’s always a worthwhile endeavor for enterprises that want to steward and protect their data.