Protecting virtual storage area networks is just as important as protecting any other storage environment. Virtual SANs compile storage resources from multiple devices and arrays into a single virtual pool, making them a target for cyberattackers.
Virtual SANs are a beneficial storage technology because enterprises can scale or decrease VSAN capacity depending on their storage needs. If a business’s storage needs suddenly grow exponentially, a virtual SAN will be suited to handle that growth. Additionally, VSANs virtualize organizations’ existing storage capacity to make it available in one location, even if the storage systems are actually in different states or countries.
While it is a security benefit that each virtual SAN environment’s problems don’t necessarily extend to the entire storage infrastructure, VSANs are not immune to vulnerabilities. They still store large amounts of data, and if one hard drive in a remote data center is infected, all on-premises devices connected to the virtual SAN can be, too. This guide explains the security issues inherent in virtual storage networks and their mitigation strategies.
Risks of implementing a virtual SAN
- Unauthorized access to the larger management console
- Infected devices in a single pool
- Compatibility between devices on the network
- Network protocol vulnerabilities
- Unpatched vulnerabilities in VSANs
- Unencrypted data at rest
- Employee mistakes
- Bottom line: Protecting virtual SANs
Unauthorized access to the larger management console
If an attacker breaches the main dashboard of a virtual SAN, they have access to configuration tools and security protocols that can then be changed at will. Once fully exploited, a breach of this magnitude could enable smaller breaches in systems across the SAN.
Enterprises should strictly protect the main dashboard of a VSAN system or any other storage network. The power that an administrator-level user has on those networks could be devastating to a business if exploited by a cyberattack. Ways to protect the VSAN management console include:
- Use an identity and access management (IAM) solution.
- Set strict allowlist and blocklist policies.
- Monitor user activity on the management console and log any anomalous logins or strange behavior once inside, like odd network configurations or database access.
Infected devices in a single pool
VSANs pool storage resources from across the business into one virtual location. It’s possible that one or more storage devices could be infected with malware, this is especially dangerous if ransomware enters the VSAN environment.
To avoid pooling devices when one is infected:
- Conduct regular malware scans on every storage device or array.
- Monitor all activity on the network so it’s clear when traffic to a device or array is anomalous.
To prevent an existing infection from spreading to other devices:
- Quarantine any device or array that’s infected by malware or another virus, removing it from the rest of the storage network.
- Immediately scan all other devices on the VSAN for anomalous behavior.
- Continue to monitor the devices on the network in the coming weeks, in case any have a dormant infection.
Learn more about preventing different types of malware.
Compatibility between devices on the network
Because virtual SANs pool disparate sources of data, there’s always the possibility that certain network components won’t work together. According to Aarti Dhapte, senior analyst at Market Research Future, VSAN incompatibility is frequent in data centers with components that don’t connect well.
“If any of the underlying or linked dependencies is incompatible or not working properly, the VSAN may perform badly or fail completely,” Dhapte said. “VSAN compatibility issues are widespread, particularly in heterogeneous data center infrastructures where disparate hardware and software pieces often require fixes or upgrades without careful consideration of interdependence.”
To prevent these issues, Dhapte suggested examining platform compatibility requirements in advance. “Even small point updates may affect the VSAN compatibility requirements, necessitating the installation of a new underlying driver or firmware version,” she said. Additionally, diagnostics and health check tools help businesses determine compatibility of the components on the virtual SAN, identifying potential issues before they fully arise.
To improve network device compatibility:
- Examine hardware and software compatibility on the VSAN before they’re fully implemented.
- Use health check solutions to examine your VSAN regularly, but especially before adding a new hardware or software component to the environment.
Learn more about network monitoring solutions for network health and performance.
Network protocol vulnerabilities
Virtual SANS are subject to network protocol vulnerabilities, according to Doron Pinhas, CTO of Continuity Software. Misconfigurations are an open door for attackers to steal critical business information stored on the storage network.
“Cybercriminals can use such configuration mistakes to retrieve SAN configuration information and stored data, and in many cases, can also tamper with the data itself, including the copies used to protect the data,” Pinhas said. Tampering includes modifying, destroying, or locking business information.
Businesses often have network configuration problems like legacy storage protocols like SMBv1 and NFSv3, according to Pinhas. Using deprecated cypher suites or not requiring encryption on critical data feeds cause security gaps as well.
“It is critical to secure those SAN protocols both during session establishment and while exchanging data,” Pinhas said. “Deploying a vulnerability management solution for your SAN can help to scan and detect these security misconfigurations.”
Pinhas also pointed out that some deprecated cypher suites need to be disabled to meet regulatory standards like PCI-DSS. This isn’t just a security issue — it can be a legal one as well. If businesses fail to comply with data safety requirements, they could be subject to fines and lose their reputation.
To implement strong network protocols:
- Phase out all legacy storage and network protocols immediately. Use the most recent, secure version; any old protocols are subject to exploitation.
- Replace all deprecated cryptography solutions with industry-standard encryption protocols.
- Implement encryption for all data on the VSAN.
Are there holes in your network security? Learn about network audits for your business to identify any weaknesses.
Unpatched vulnerabilities in VSANs
Virtual SAN software has vulnerabilities, too. And according to Chris Novak, managing director of Verizon’s Threat Research Advisory Center, many of these vulnerabilities have been around for a long time.
“These aren’t ‘zero day’ vulnerabilities as people might expect,” Novak said about commonly exploited weaknesses in virtual SANs. “In many cases, they are relatively old, well-known, and patchable vulnerabilities. That means that they are almost fully preventable.”
When Novak and his team perform investigations for VSAN victims, the results are often straightforward. “The reason we almost always hear from the victim is that they didn’t get around to applying the patch because they couldn’t risk downtime or outages,” he said. “As a result, they would delay implementation of the patches and updates.”
Yes, using time and money to carefully patch storage networks has an initial cost. But it’s worthwhile in the long run to prevent multiple breaches. According to Novak, businesses have to know exactly where storage networks are and who’s responsible for managing them, as well as preparing in advance for vulnerability patching.
“Ensure that you have defined patch program policies and procedures to address them. This should include executive support and buy-in, along with regular testing,” Novak said.
Thorough testing often slips through the cracks in an organization’s security infrastructure. It’s one thing to set a multitude of controls; it’s entirely another to make sure they work in a safe environment before releasing them into the wild to hopefully protect your business.
Novak addresses businesses’ lack of confidence in regular patching, attributing it to a lack of prior testing.
“Like many other emergency and crisis functions, if they are only ever tested in times of emergencies and crisis, it’s not surprising that people will struggle to have faith that they will work as planned,” he said. “If routine testing occurs and a ‘muscle memory’ can be developed, leaders can increase their confidence that the outcomes will be positive.”
Unencrypted data at rest
If data stored on the virtual SAN isn’t encrypted, it is subject to viewing and theft by unauthorized parties. Storing sensitive customer data without encryption also breaks some data protection regulations like PCI-DSS, which requires payment card data to be encrypted while stored.
To establish strong encryption practices for the data on your VSAN:
- Choose a strong encryption method, like AES-128 or 256. These long keys with more bits are more challenging for attackers to crack than short ones.
- Set up an encryption key management system. This is necessary to provide viable keys for each storage device.
- Encrypt all encryption keys themselves. A main encryption key should be used to encryption all the data encryption keys (DEKs).
Learn more about encryption for managing data access and security.
Employee mistakes and how to mitigate them
One of the greatest enterprise threats to any storage, including virtual SANs, is employee errors. Human threats like errors and misuse caused 82% of data breaches in 2022, according to Verizon’s 2022 Data Breach Investigations Report. Some insider vulnerabilities include:
- Clicking links in emails, which may lead to a malware-infected web page or download.
- Failing to set strong passwords for storage networks like VSANs or reusing weak passwords that are already in use for other applications.
- Unauthorized virtual desktop sessions, like Remote Desktop Protocol (RDP), used to connect employees to a remote computer. Remote desktop setups are notoriously subject to ransomware attacks.
- Malicious intent. This is much less common — most employee threats are genuine mistakes or careless actions — but some workers do intentionally compromise their networks.
To mitigate these vulnerabilities, host extensive employee training sessions that include:
- Realistic simulations of breaches and their effects. Employees will get bored and tune out if they just have to watch long sets of cybersecurity videos.
- Interesting results from enterprise penetration testing. Pen tests reveal the exact blind spots in a security infrastructure, including the mistakes workers make.
- Conversations between coworkers. Accountability makes a difference in cybersecurity practices, and the more frequently employees talk about threats, the better positioned they’ll be to prevent them.
Just like other networks in the IT infrastructure, virtual SANs are vulnerable to human error.
Read more about training your storage employees to recognize attack strategies and prevent them.
Bottom line: Protecting virtual SANs
Virtual storage area networks are a beneficial technology for enterprises with multiple remote storage solutions, but if not secured, they pose a significant threat to organizations. A single ransomware infection can spread throughout a network and remain undetected for weeks. Such an attack could render large volumes of data unusable and cost a business millions of dollars.
Severe strains of malware like ransomware are capable of putting companies out of business entirely and have already done so. 60 percent of cyber-attacked small businesses go bankrupt within a period of six months. VSANs are just as susceptible to cyberattacks as other networks, and their vulnerabilities put them at risk for data theft and system outages.
To prevent infected storage devices from affecting the entire network, restrict storage access, and decrease insider error, organizations must set stringent security controls on their virtual SAN. These include updating network protocol vulnerabilities, scanning storage devices, creating access controls, and training employees frequently. These practices decrease the risk of an outage and help businesses regain control over their stored data.
Is your organization considering security software that will help protect virtual SANs and other environments? Read about our picks for the top cybersecurity solutions next.