A Virtual Storage Area Network (vSAN) is a software-defined storage solution that pools multiple direct-access storage devices across a network using abstraction. It creates a single, centralized source of storage that numerous virtual machines can all independently share. While this approach brings flexibility, scalability, and cost-effectiveness, it also comes with its own set of risks and challenges, ranging from unauthorized access to sensitive data to network connectivity issues and vulnerabilities within the network protocols.
This article introduces seven of the most common risks associated with vSANs and explains how to properly mitigate them.
- Unauthorized Access to the Management Console
- Infected Devices in a Single Pool
- Incompatibilities Among Network Devices
- Network Protocol Vulnerabilities
- Unpatched Vulnerabilities in vSANs
- Unencrypted Data at Rest
- Employee Mistakes
- Bottom line: Protecting Virtual SANs
1. Unauthorized Access to the Management Console
If an attacker breaches the main dashboard of a virtual SAN, they have access to configuration tools and security protocols that can then be changed at will. Once fully exploited, a breach of this magnitude could enable smaller breaches in systems across the SAN.
Enterprises should strictly protect the main dashboard of a vSAN system or any other storage network. The power that an administrator-level user has on those networks could be devastating to a business if exploited by a cyberattack.
Ways to protect the vSAN management console include:
- Use an identity and access management (IAM) solution.
- Set strict allowlist and blocklist policies.
- Monitor user activity on the management console and log any anomalous logins or strange behavior once inside, like odd network configurations or database access.
2. Infected Devices in a Single Pool
vSANs pool storage resources from across the business into one virtual location. It’s possible that one or more storage devices could be infected with malware; this is especially dangerous if ransomware enters the vSAN environment.
To avoid pooling devices when one is infected:
- Conduct regular malware scans on every storage device or array.
- Monitor all activity on the network so it’s clear when traffic to a device or array is anomalous.
To prevent an existing infection from spreading to other devices:
- Quarantine any device or array that’s infected by malware or another virus, removing it from the rest of the storage network.
- Immediately scan all other devices on the vSAN for anomalous behavior.
- Continue to monitor the devices on the network in the coming weeks, in case any have a dormant infection.
3. Incompatibilities Among Network Devices
Because virtual SANs pool disparate sources of data, there’s always the possibility that certain network components won’t work together.
To improve network device compatibility:
- Examine the compatibility of hardware and software components with the vSAN before they’re fully implemented.
- Use health check solutions to examine your vSAN regularly, but especially before adding a new hardware or software component to the environment.
4. Network Protocol Vulnerabilities
Virtual SANs are subject to network protocol vulnerabilities, and misconfigurations are an open door for attackers to steal critical business information stored on the storage network. Using deprecated cipher suites or not requiring encryption on critical data feeds causes security gaps as well.
Some deprecated cipher suites need to be disabled to meet regulatory standards like PCI-DSS. This isn’t just a security issue; it can be a legal one as well. If businesses fail to comply with data safety requirements, they could be subject to fines and lose their reputation.
To implement strong network protocols:
- Phase out all legacy storage and network protocols immediately. Use the most recent, secure version; any old protocols are subject to exploitation.
- Replace all deprecated cryptography solutions with industry-standard encryption protocols.
- Implement encryption for all data on the vSAN.
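The audit below is an added example, not code from the original article or from any vSAN product: it checks a constructed inventory of TLS settings for legacy protocol versions and deprecated cipher suites. The Endpoint type, the endpoint names and the TLS 1.2 floor are assumptions, and the insecure-suite list in Go's crypto/tls stands in for whatever list your standard defines.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Endpoint is a hypothetical record of one storage-network listener's TLS settings.
type Endpoint struct {
	Name       string
	MinVersion uint16   // lowest protocol version the listener accepts
	Suites     []string // cipher suite names as spelled by crypto/tls (IANA names)
}

// auditTLS returns one finding per legacy or deprecated setting on the endpoint.
func auditTLS(e Endpoint) []string {
	known := map[string]bool{} // suite name -> listed as insecure by crypto/tls
	for _, s := range tls.CipherSuites() {
		known[s.Name] = false
	}
	for _, s := range tls.InsecureCipherSuites() {
		known[s.Name] = true
	}
	var findings []string
	if e.MinVersion < tls.VersionTLS12 { // assumed floor; set the one your standard requires
		findings = append(findings, "minimum protocol version is below TLS 1.2")
	}
	for _, name := range e.Suites {
		if insecure, ok := known[name]; !ok {
			findings = append(findings, "unrecognized suite: "+name) // review by hand
		} else if insecure {
			findings = append(findings, "deprecated suite: "+name)
		}
	}
	return findings
}

func main() {
	inventory := []Endpoint{ // constructed sample inventory, not from a real system
		{"mgmt-console", tls.VersionTLS12, []string{"TLS_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}},
		{"legacy-array", tls.VersionTLS10, []string{"TLS_RSA_WITH_RC4_128_SHA", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}},
	}
	for _, e := range inventory {
		for _, f := range auditTLS(e) {
			fmt.Printf("%s: %s\n", e.Name, f)
		}
	}
}
```

An endpoint with no findings prints nothing; names that crypto/tls does not know are reported as unrecognized rather than assumed safe.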
5. Unpatched Vulnerabilities in vSANs
One area that sometimes gets overlooked is the virtualization security issues present in the vSAN software itself. Running on outdated software or firmware can leave your network exposed to a wide variety of threats. The older the system version, the higher the chances that its vulnerabilities have become well-known, increasing the chances of an attacker exploiting them in your network to gain unauthorized access, disrupt critical operations, or cause data loss.
To protect against this risk:
- Regularly patch and update both the firmware and hardware of your network components.
- Keep an eye on vulnerability alerts and advisories for the vSAN solution you use, so that you can take action as soon as an update patch is available.
6. Unencrypted Data at Rest
If data stored on the virtual SAN isn’t encrypted, it is subject to viewing and theft by unauthorized parties. Storing sensitive customer data without encryption also breaks some data protection regulations like PCI-DSS, which requires payment card data to be encrypted while stored.
To establish strong encryption practices for the data on your vSAN:
- Choose a strong encryption method, like AES-128 or AES-256. These long keys with more bits are more challenging for attackers to crack than short ones.
- Set up an encryption key management system. This is necessary to provide viable keys for each storage device.
- Encrypt all encryption keys themselves. A main encryption key should be used to encrypt all the data encryption keys (DEKs).
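The key hierarchy in the last step, as an added example that is not from the original article or from any vendor's key manager: each device's DEK is wrapped with AES-256-GCM under the main key, and the device identifier is authenticated so that a wrapped key copied to another device fails to unwrap. The function names, the disk-01 and disk-02 identifiers and the in-memory demo keys are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// gcmFor returns AES-GCM for key; a 32-byte key selects AES-256.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrapDEK encrypts a DEK under the main key and authenticates deviceID with it.
func wrapDEK(mainKey, dek []byte, deviceID string) ([]byte, error) {
	gcm, err := gcmFor(mainKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, dek, []byte(deviceID)), nil // nonce || ciphertext || tag
}

// unwrapDEK recovers the DEK; a wrong main key, wrong device or tampering fails.
func unwrapDEK(mainKey, wrapped []byte, deviceID string) ([]byte, error) {
	gcm, err := gcmFor(mainKey)
	if err != nil || len(wrapped) < gcm.NonceSize() {
		return nil, fmt.Errorf("unwrap %s: bad main key size or truncated input", deviceID)
	}
	return gcm.Open(nil, wrapped[:gcm.NonceSize()], wrapped[gcm.NonceSize():], []byte(deviceID))
}

func main() {
	mainKey, dek := make([]byte, 32), make([]byte, 32) // constructed demo keys
	rand.Read(mainKey)
	rand.Read(dek)
	wrapped, _ := wrapDEK(mainKey, dek, "disk-01") // hypothetical device ID
	got, _ := unwrapDEK(mainKey, wrapped, "disk-01")
	_, err := unwrapDEK(mainKey, wrapped, "disk-02")
	fmt.Println("round trip ok:", string(got) == string(dek), "| other device rejected:", err != nil)
}
```

Only the wrapped DEK is stored beside the device's data; rotating the main key then means unwrapping and re-wrapping each DEK, not re-encrypting the stored data.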
7. Employee Mistakes
One of the greatest enterprise threats to any storage, including virtual SANs, is employee error. Human threats like errors and misuse consistently cause the majority of data breaches. Some insider vulnerabilities include:
- Clicking links in emails, which may lead to a malware-infected web page or download.
- Failing to set strong passwords or reusing weak passwords already in use for other applications.
- Unauthorized virtual desktop sessions, like Remote Desktop Protocol (RDP), used to connect employees to a remote computer. Remote desktop setups are notoriously subject to ransomware attacks.
- Malicious intent. This is much less common—most employee threats are genuine mistakes or careless actions—but some workers do intentionally compromise their networks.
To mitigate these vulnerabilities, host extensive employee training sessions that include:
- Realistic simulations of breaches and their effects. Employees will get bored and tune out if they just have to watch long sets of cybersecurity videos.
- Interesting results from enterprise penetration testing. Pen tests reveal the exact blind spots in a security infrastructure, including the mistakes workers make.
- Conversations between coworkers. Accountability makes a difference in cybersecurity practices, and the more frequently employees talk about threats, the better positioned they’ll be to prevent them.
Just like other networks in the IT infrastructure, virtual SANs are vulnerable to human error.
Bottom line: Protecting Virtual SANs
Virtual storage area networks are a beneficial technology for enterprises with multiple remote storage solutions—but if not secured, they pose a significant threat to organizations. A single ransomware infection can spread throughout a network and remain undetected for weeks. Such an attack could render large volumes of data unusable and cost a business millions of dollars.
Severe strains of malware like ransomware are capable of putting companies out of business entirely and have already done so. vSANs are just as susceptible to cyberattacks as other networks, and their vulnerabilities put them at risk for data theft and system outages.
To prevent infected storage devices from affecting the entire network, restrict storage access, and decrease insider error, organizations must set stringent security controls on their virtual SANs. These include updating network protocol vulnerabilities, scanning storage devices, creating access controls, and training employees frequently. These practices decrease the risk of an outage and help businesses regain control over their stored data.
This article was updated by Anina Ot in September 2023.