Direct-attached storage (DAS) used to be the only kind of storage that existed. All of the data resided on the client device. Then organizations realized that they could gain economies of scale and increase collaboration by centralizing data and sharing it over the network. At first, servers were used as the place where data was stored: users accessed the server to retrieve their data.
But as the volume of data grew, this became cumbersome. Network-attached storage (NAS) and storage area networks (SANs) arrived on the scene as the next stage of the centralization of storage. However, DAS never went away. Every PC and every laptop contains some DAS. Those used by consumers are primarily DAS devices. Corporate laptops, even those that harness a virtual desktop model where the data is stored centrally, still contain some local storage. But the bulk of PCs and laptops remain DAS-centric.
Here are some of the top trends in DAS:
1. Better data protection
Jason Lohrey, CTO at Arcitecta, said that regardless of whether the data is in DAS, SAN, NAS, or the cloud, the increasing prevalence of ransomware is leading users to seek better options for protecting their data.
“Storage vendors understand the threats and are attempting to add resilience mechanisms to thwart ransomware attacks,” he said.
2. Last line of defense
Some of the obvious security safeguards for DAS, or any storage, include:
- Surveillance to identify unusual behavior that might be deemed a ransomware attack
- Creating immutable copies of data that can be restored in the event of an attack
“These methods sit outside the filesystem using integrations via the filesystem APIs and change logs,” said Lohrey. “These approaches are typically classed as a last line of defense – they work enabling recovery in hours, days and sometimes weeks. Whilst that avoids the need to capitulate to ransomware attackers, it can still mean there is a significant impact to business operations.”
3. First line of defense
As a result, we are seeing a trend towards additional layers of security in order to provide strength in depth. Heading into 2023, there will be an increased focus on what could be called first line of defense where attacks are stopped altogether or can be immediately unwound without recourse to backups. That will achieve a recovery point objective (RPO) and recovery time objective (RTO) that approach, if not reach, zero.
“An RPO or RTO that is greater than zero is a compromise that exposes customers to increased risk of data and financial loss,” said Lohrey. “Customers should push vendors to achieve RPO and RTO of as close to zero as possible and seek out resilience solutions that achieve those objectives.”
4. Anomaly identification
Anomaly identification continues to be one of the better methods for network-based threat detection and will most likely trend that way in 2022 and in the future, for both DAS and network-based storage, according to Tim Silverline, VP of Security at Gluware. Why? Threat actors have become adept at hiding malicious traffic flows in a variety of ways that limit the effectiveness of traditional signature-based threat detection solutions.
“To detect and respond to advanced persistent threat (APT) style attacks using anomalous behavior as a starting point can better identify these hidden threats,” said Silverline.
5. Talent shortage
Although DAS continues to be prevalent, users within corporate networks need all the help they can get from enterprise IT. Yet there is an ongoing shortage of skilled security talent. If IT is struggling to keep up to date with trouble tickets or is drowning in security challenges, it should look to augment its in-house skill sets by bringing in outside providers or using cloud services.
“As the cyber security talent shortage continues, leveraging outside help to more quickly detect and respond to threats in real-time is a necessity for many organizations,” said Silverline. “This is especially true for smaller organizations that want to be able to monitor around the clock while their employees are sleeping, since threat actors will often plan their attacks during these times to evade detection.”
Organizations should ask themselves whether they have a solution for detecting anomalous behavior in their network and, if not, plan a strategy to put one in place. Additionally, they should ensure that they have the resources to properly analyze alerts from all of their toolsets 24/7, and consider some of the many managed detection and response services available to fill any gaps in either talent or time coverage.