An enterprise network switch.
Despite the rise of the cloud, storage area networks (SANs) remain the backbone of many enterprises. They are used to store vast amounts of data and serve it to a wide range of user throughout the organization. SAN security has risen in prominence of late, given the propensity of cybercriminals to be able to break […]
Despite the rise of the cloud, storage area networks (SANs) remain the backbone of many enterprises. They are used to store vast amounts of data and serve it to a wide range of user throughout the organization.
SAN security has risen in prominence of late, given the propensity of cybercriminals to be able to break into just about every nook and cranny of the enterprise. Here are some of the top trends in SAN security:
Gil Hecht, CEO of Continuity, points out that SANs are just as vulnerable to cyberattacks as the rest of the infrastructure. This is a change from years ago when SANs were considered to be back-end systems that weren’t under much threat. That has changed completely.
“Some ransomware – Locky and Crypto – now bypasses parameter systems altogether, and goes straight for the data center core, like storage and backups,” said Hecht. “This has forced storage teams and CISOs to look again at potential holes in their safety nets, by reviewing their primary and secondary storage systems.”
There’s always a great emphasis on firewalls and securing the obvious networks and communications infrastructure. But enterprise storage is now mission critical, too. It is where the data resides that is the lifeblood of the organization.
“All companies should be able to quickly restore data from their primary and secondary storage resources as part of an effective cyber resilience strategy,” said Hecht.
Hecht added that most vulnerability scanners and patch management systems focus on operating systems and applications. They do a fine job identifying the presence of Common Vulnerabilities and Exposures (CVEs), misconfigurations, and other weaknesses found in OSes and apps. But they typically miss badly on such problems found in SANs, backup systems, and other storage technologies.
Some of the most common vulnerabilities and security misconfigurations discovered in storage systems, according to Hecht, include:
Tools are now available that are designed to find such areas of risk.
“Scanning your storage environment for vulnerabilities and security misconfigurations is a critical part of a storage security strategy,” said Hecht.
Ahsan Siddiqui, Director of Product Management for Arcserve, advises anyone running a SAN to ensure that their security plan includes a robust data backup and recovery strategy to ensure the organization stays operational even after a ransomware attack. However, this may not be enough as cybercriminals are realizing that organizations are relying on backups, so they are now targeting all copies of backup data, including primary, secondary, and backup data, and then encrypting the primary data.
Organizations, then, had better put a good recovery process in place for SAN data including adequate protection for their backups.
One good way to protect SAN data is via comprehensive backups and the use of air gapping.
“One of the most practical and effective ways to secure backup data against a ransomware attack in a SAN is air gapping,” said Siddiqui. “The beauty of air gapping is that it makes it nearly impossible for ransomware to compromise data backups.”
There are two types of air gapping. The first is traditional, physical air gapping, in which an organization disconnects the digital asset from all other devices and networks, creating a physical separation between a secure network and any other computer or network. Using a physical air gap, organizations store backup data on media such as tape or disk, then disconnect these media entirely from their production IT environment.
The second type of air gapping is called logical air gapping. A logical air gap relies on network and user-access controls to isolate backup data from the production IT environment. It’s like a one-way street on which data is pushed to its intended destination, whether a storage device on-premises or a custom appliance. The key here is that the control and management of that data, such as how it is retained or who can modify it, is not available through that same system or path. Anyone who wants to manage or alter the data must go through entirely different authentication channels.
Drew Robb is a contributing writer for Datamation, Enterprise Storage Forum, eSecurity Planet, Channel Insider, and eWeek. He has been reporting on all areas of IT for more than 25 years. He has a degree from the University of Strathclyde UK (USUK), and lives in the Tampa Bay area of Florida.
Enterprise Storage Forum offers practical information on data storage and protection from several different perspectives: hardware, software, on-premises services and cloud services. It also includes storage security and deep looks into various storage technologies, including object storage and modern parallel file systems. ESF is an ideal website for enterprise storage admins, CTOs and storage architects to reference in order to stay informed about the latest products, services and trends in the storage industry.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
