Whether data is stored on-premises or in the cloud, it must be safeguarded. Those storage resources contain the organizational crown jewels — the data, intellectual property, and customer records that are the lifeblood of the business. Storage security, therefore, is a vital and ongoing concern.
Here are some of the top trends in storage security:
1. Blended Storage
Blended storage is not only more common — it is becoming the norm.
“With hybrid cloud becoming the de facto mode of operation for most enterprises today, IT infrastructure teams are challenged with the task of ensuring security for these blended storage environments,” said Steve Pruchniewski, director of product marketing at Komprise.
“IT pros need to understand how to secure not just NAS and SAN storage, but also objects, such as Amazon S3 and Azure Blob, and they must consider how these technologies interact.”
With Azure, for example, a company could tier files to Azure Blob and then enable NFS access to that storage in the cloud. It is important for companies to be aware that with new ways to access data, storage security must be broadened. Those migrating file data to object storage also need to ensure they are configuring permissions correctly — often the security entities, or users and groups, may not line up one for one from on-premises Active Directory to the security entities in the cloud, said Pruchniewski.
2. Edge Storage
A major trend in storage security involves data at the edge. Many companies need to analyze customer data at their edge sites instead of sending it to the cloud.
Additionally, there are over 50 billion Internet of Things (IoT) devices in circulation. This all means there is more data at the edge than anywhere else. With this increase in data, companies must find solutions to keep and protect it.
“Edge data can be particularly at risk, due to physical security limitations at these smaller sites and because encrypting data can be expensive and difficult to manage,” said Bruce Kornfeld, chief marketing and product officer at StorMagic.
“Implementing encryption on all storage devices and applications at the edge and utilizing centralized key management solutions are essential to addressing these challenges, as edge computing is the future of data processing.”
3. SaaS Security
It can be the Wild West out there. No matter how IT tries to stay in control, developers and line of business heads might have downloaded software-as-a-service (SaaS) applications.
“SaaS acquisition is becoming more decentralized, and companies drastically underestimate the number of SaaS applications being used by employees,” said Lior Yaari, co-founder and CEO of Grip Security.
It can be very hard to prevent employees taking advantage of SaaS to get their job done. This means a company’s SaaS acquisition and consumption policies need to take into account the employees who will purchase and use both sanctioned and unsanctioned SaaS applications.
Because the SaaS universe is always expanding, security teams need a framework that provides continuous monitoring for any new SaaS usage, with the ability to centrally control access for every user and their associated storage.
4. Kubernetes Storage
The deployment of Kubernetes is growing rapidly. But the more it is deployed, the more the related security and storage requirements have to be figured out.
For example, CloudStrike cloud security researchers discovered a vulnerability dubbed “cr8escape,” in the Kubernetes container engine CRI-O. And a new Veritas Technologies study revealed that even though many organizations are embracing containerization, businesses are missing the opportunity to deliver rapid protection to these at-risk data sets, by failing to extend data protection from their traditional workloads out across their containerized environments. The study found that only 33% of companies that have deployed Kubernetes so far have the tools in place to protect against data-loss incidents, such as ransomware.
“Kubernetes is easy for organizations to deploy and quickly improves affordability, flexibility, and scalability — it’s no wonder so many are embracing containerization,” said Anthony Cusimano, solutions evangelist at Veritas.
“But because deployment is so simple, organizations can easily surge ahead faster with their Kubernetes implementation than their Kubernetes protection. Suddenly, they’ve found themselves with two-thirds of their mission-critical Kubernetes environments completely unprotected from data loss. Kubernetes has become the Achilles heel in organizations’ ransomware defense strategies.”
5. Connecting to Storage
As well as protecting storage at rest, organizations need to provide protection for when it is being transmitted, migrated, uploaded, or downloaded. VPNs can often be a weak point.
Authenticating a user to a network through a VPN to provide access is becoming obsolete as workers work remotely and are not connected to the company network. User expectations are also changing, and they expect to be able to access any application from any device anywhere in the world. Thus, many organizations are replacing them with cloud-based secure web gateways.
“Identity-based access is replacing network-based access, eliminating the need for VPNs in the modern enterprise network,” said Yaari with Grip Security.
“Solving the access problem through identity management is the best approach, especially in the age of the cloud and SaaS.”