Network-attached storage (NAS) is in heavy use throughout the enterprise. Instead of data being housed on each server or beside each application, it is corralled into NAS boxes as a means of storing data centrally. The benefits are convenience, performance, and storage efficiency. But there is a potential downside. If the bad guys can get in, they can do damage to information that impacts a broad range of users, applications, and systems. Hence, the profile of NAS security has been raised in recent years.
Here are some of the top trends in NAS security:
1. Edge NAS
NAS is well known in the data center. Organizations often have multiple NAS units on-premises on which they store their data. But now NAS is making its way out to the edge. Edge data centers are a growing use case for NAS.
“A key trend I see happening is that the reach of NAS is extending from centralized enterprise data centers out to enterprise edge deployments, as well as into small-to-medium businesses (SMB) environments,” said Surya Varanasi, CTO of StorCentric. “Driving this trend are advancements in ease of management and functionality, as well as new NAS solutions entering the market in form factors and at price points that make them cost-effective for those deploying them across numerous edge deployments, as well as for SMBs.”
More users, therefore, can afford and benefit from features that were previously reserved for enterprise data centers. This includes in-line compression, Active Directory (AD) support, data-at-rest encryption and data sharing, as well as additional advanced data backup, protection and security capabilities.
2. Immutable storage
Immutable storage is data that cannot be edited, altered, or deleted. Once it is written, it cannot thereafter be changed. This is important for compliance, but also for security. Ransomware, for example, blocks access to data and if the ransom isn’t paid, the data is altered and rendered unusable. Immutable storage is a safeguard against this. It is being implemented broadly across NAS platforms.
“Immutable storage will become more prevalent in NAS solutions throughout 2023,” said Travis Johnston, Director, Market Strategy, Folio Photonics. “This is driven by the fact that malicious actors are launching increasingly complex attacks every day while storage volumes continue to grow. This means that users should start thinking about implementing, or planning to implement, immutable storage into their NAS solution to better protect their digital assets from cyberattacks.”
3. The end of data copy proliferation
Organizations have been plagued by copies of data in NAS environments being placed on uncontrolled or unknown storage locations. This proliferation of copies puts valuable or confidential data outside the control of IT systems that control access and compliance. It represents a significant security threat. IT may think it has good security over NAS systems. Yet there may be copies of the data lurking in some unprotected area. Security personnel have now realized this. They are putting an end to the proliferation of data copy creation outside the systems under their control.
“Users and administrators both should be looking for software solutions that make copies when and where needed (for data protection, analytics, collaboration) without moving the data to a location out of the control and audit path of the management software,’ said Molly Presley, Senior Vice President of Marketing at Hammerspace.
4. Requirements for global audit
NAS data has become siloed as hybrid cloud environments for unstructured file data have become more common. Data is copied and spread across multiple purpose-built vendor storage systems at the edge, in data centers, and in the cloud. There needs to be some way of keeping track of all this, auditing how and where data is copied, and how well an organization is complying with a wide range of applicable data protection and privacy mandates.
“Security officers and IT teams focused on compliance and tracking of activity with unstructured file data will begin to make Global Audit a requirement in data orchestration and data management software selection,” said Presley. “They should be looking for solutions that create an audit log of all file system activities across the hybrid cloud.”
5. NAS sniffing
The Security Technical Work Group of the Storage Networking Industry Association (SNIA) called attention to the fact that cybercriminals can and do attempt unauthorized observation of network traffic that could constitute a data breach. For NAS users, protections should be enabled to guard against traffic sniffing when using certain NAS protocols. SNIA’s recommendation is to institute remote procedure call encryption by default on NAS systems.