Enterprise Storage Forum content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
Enterprises use both direct attached storage (DAS) and network attached storage (NAS) to host large volumes of data that needs to be secured to protect proprietary business property, customer data, and other essential information. There are strengths and weaknesses to how both types of storage handle security, as each relies on different kinds of specific protective measures, policies, and controls.
This guide compares NAS vs. DAS to explore how each handles security to help you better understand their strengths and weaknesses and ensure your own organization is choosing the best storage approach to safeguard data.
Table of Contents
DAS vs. NAS
Direct attached storage is any storage directly attached to a computer or other device without going through a network—for example, hard disk drives (HDDs), flash solid state drives (SSDs), or external hard drives. Network attached storage is file storage connected to a network rather than directly to the hardware, making it accessible to multiple users and from multiple locations.
These days, most organizations store the majority of their business data centrally on NAS file servers, in storage area networks (SANs), or in the cloud. But business data residing on personal computers, laptops, and other devices still needs to be protected.
DAS Security Threats
There are a number of security risks to keep in mind when configuring direct attached storage.
Unsecured Internet Sessions
If the host computer is hacked or a user downloads malware onto it, all directly attached storage is automatically compromised in the process.
Default Admin Passwords
Most DAS ships with default administrative logins and passwords provided by the vendor. These are easy to guess or crack and must be changed.
Weak User Passwords
Changing passwords from the default is not sufficient for security—new passwords need to meet minimum safety standards. If they’re easy to guess or in use for multiple system logins, they’re still liabilities.
Physical Theft
While DAS can’t be accessed over the internet, they’re still vulnerable to physical threats—they can be stolen or physically damaged in an unsecured office building, data center, or in the field.
Unpatched or Outdated OS
Operating Systems need to be updated regularly to keep pace with known threats. An outdated, unsupported, or unpatched OS won’t protect against malware or other risks.
Insufficient Access Controls
Access controls limit who can access what devices or files. Sloppy or unconfigured controls can expose data to the wrong people.
No Backup Copies
If DAS is not backed up and someone steals it, or the computer goes down, that data is now irretrievable.
Read about direct attached storage security to learn more about the nature of specific threats and the most effective methods to protect against them.
NAS Security Threats
Network attached storage systems hold large volumes of enterprise files and are a gold mine for data thieves. They contain both proprietary and customer data, ransomware groups seek to take advantage of them. Here are the common vulnerabilities that endanger data stored in NAS.
Unsecured Networks/Outdated Protocols
Connecting a NAS device to an open or unprotected network using insecure or outdated network protocols can expose it to malware, breaches, or other risks.
OS Vulnerabilities
Some NAS arrays, such as those from vendors like Synology and NetApp, have their own OS and management console. Like computer operating systems, these need to be patched and updated regularly to secure vulnerabilities.
Limited or No Access Controls
Just like DAS, NAS is more susceptible to threat actors without policies that determine who can access a NAS system or that restrict admin levels.
Internet Vulnerabilities
A NAS connected to the internet can be exposed to unsecured web pages or malicious downloads.
Employees
Human error is one of the greatest threats to stored data—password mistakes, opening email attachments without approving them, or other careless actions put NAS systems at risk.
Misconfiguration
NAS systems can be exposed to attack when incorrectly configured by users or administrators.
Read about NAS security to learn more about the types of security risks prevalent in shared network storage and how to protect against them.
Security Policies for DAS and NAS
Many businesses use both DAS and NAS for their storage, and it’s important for them to protect both. Each storage type requires security for company networks as well as the storage devices themselves.
DAS Security Strategies
The key to implementing and maintaining DAS security is to take protective measures for the device itself and to secure all systems and applications in proximity to it or connected to it. DAS security strategies include:
- Secure all internet sessions. Ensure that your computer browsers flag web pages that don’t use HTTPS and enable the most recent version of TLS.
- Create strong passwords for all systems. This includes computers and servers and applications on those machines, which helps protect any connected DAS.
- Set strong access controls. Passwords are part but not all of this—businesses should also specify viewing and editing permissions for DAS data where necessary.
- Update OS and other software regularly. The moment a vulnerability is revealed on servers, patch it.
- Secure physical premises. Data centers and offices should require keycards for access—and, for even more stringent security, maintain an access-restricted server room for all machines with DAS.
- Backup DAS data and store copies. To prevent total data loss, make copies of all your enterprise’s DAS data and store them in the cloud and in various physical locations.
NAS Security Strategies
Files held in NAS systems should be examined for vulnerabilities, but the business should also focus on protecting the entry point to the whole storage system: the NAS management software. NAS security strategies include the following:
- Configure company networks. Set secure policies for the network that the NAS connects to, and solve misconfigurations as quickly as possible.
- Scan files for malware. The average enterprise NAS stores many files, and some could be corrupted by viruses. Files should be regularly scanned and quarantined away from the NAS if malware is identified.
- Provide NAS OS training. Each storage admin needs to know how to configure storage settings, update NAS firmware, and recognize anomalous behavior.
- Provide security training. Get storage and IT personnel actively involved in identifying phishing attempts, malware, and best practices.
- Set strong access controls. Restrict NAS system use to authorized storage administrators and set viewing and editing permissions for all authorized users.
Is DAS or NAS More Expensive to Secure?
The cost of securing a storage system largely depends on the cost of the solutions required and the number of personnel needed to maintain the security policies. Broadly speaking, however, NAS will typically be more expensive to secure overall.
Because NAS systems are farther-reaching and more expensive than DAS, hiring the personnel to manage them will likely be a greater investment than a smaller IT team to handle DAS policies.
This isn’t to say that thorough DAS security doesn’t require an investment. Purchasing strong antivirus or antimalware software, training all employees, and implementing an access control solution takes time and financial resources. But an enterprise-level NAS—particularly one with full-featured management software—will require a large investment.
Though costly and time-consuming, that investment is indispensable for organizations that want to remain compliant with data protection regulations and serve their customers. Sensitive data stored on NAS systems is a key target for ransomware gangs. Sometimes legacy storage solutions don’t receive the level of protection that modern cloud-based solutions do. Ensure that your company doesn’t neglect older storage systems like DAS and NAS.
Bottom line: Which is More Secure, DAS or NAS?
Both DAS and NAS solutions are vulnerable to physical attacks, malware, and network-based attacks. The real comparison here is between the security measures a business has taken to guard its storage, because many organizations have both and need to protect both.
When it comes to DAS vs. NAS, both have advantages and disadvantages around security. Businesses are advised to use strategies from both of the lists above to protect their network-attached arrays and connected drives. DAS or NAS systems are only as secure as the protective measures put into place, consistently practiced, and taught to other employees in the organization.
Read 5 Types of Enterprise Data Storage to see how the most widely used approaches compare, and to determine which are best for your organization’s needs.
