The goal of cyber-secure storage is to eliminate attempts to breach an organization’s storage and access its data. The prior three blogs describe methods IT can use to better protect the organization’s data assets; however, despite all the best efforts, there is always a chance that a bad actor will breach the environment. A key capability of a cyber-secure system is its ability to inform IT that a breach has occurred.
Most primary and secondary data protection storage systems provide limited protection from a breach. The extent of their cyber-proofing is, at best, encryption, which, as discussed in previous blogs, is not enough. These systems make matters worse by giving IT no indication of a breach.
IT needs an auditing and reporting feature built into all its storage systems. An auditing function or utility needs to provide a complete analysis of all user activity. The auditing function should identify users changing an unusually large number of files, which indicates a potential ransomware attack. It should also identify users that copy a large number of files to another device or another service. This could indicate a malware attack that steals data.
In addition to tracking users, the system needs to audit changes to volumes and file-systems. In a breach situation, a hacker may attempt to change the encryption keys for a volume or file-system. The auditing software should alert IT of that activity.
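One way to express the checks described above, as an added example that is not part of the original post or of any storage product: a sliding-window counter over audit events that flags bulk changes, bulk copies and encryption key changes. The event format, action names and thresholds are assumptions made for the illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune against a baseline of normal activity.
WINDOW_SECONDS = 60
MAX_MODIFIES = 100   # file changes per user per window
MAX_COPIES = 100     # files copied off the system per user per window

def scan(events):
    """Yield (timestamp, user, reason) alerts from time-ordered audit events.

    Each event is a (timestamp_seconds, user, action, target) tuple, where action
    is 'modify', 'copy_out' or 'key_change' (hypothetical names).
    """
    limits = {"modify": MAX_MODIFIES, "copy_out": MAX_COPIES}
    reasons = {"modify": "mass file modification", "copy_out": "mass file copy"}
    recent = defaultdict(deque)   # (user, action) -> timestamps inside the window
    alerted = set()               # suppress repeat alerts during one burst
    for ts, user, action, target in events:
        if action == "key_change":
            # Any change to a volume or file-system encryption key alerts at once.
            yield (ts, user, f"encryption key changed on {target}")
            continue
        if action not in limits:
            continue
        q = recent[(user, action)]
        q.append(ts)
        while q and q[0] <= ts - WINDOW_SECONDS:
            q.popleft()           # drop events that fell out of the window
        if len(q) > limits[action]:
            if (user, action) not in alerted:
                alerted.add((user, action))
                yield (ts, user, reasons[action])
        else:
            alerted.discard((user, action))

def sample_events():
    """Constructed data: a normal user, a change burst, a copy burst, a key change."""
    events = [(i * 30, "alice", "modify", f"/vol1/doc{i}") for i in range(10)]
    events += [(100 + i * 0.2, "bob", "modify", f"/vol1/f{i}") for i in range(150)]
    events += [(200 + i * 0.1, "carol", "copy_out", f"/vol2/f{i}") for i in range(120)]
    events.append((250, "dave", "key_change", "vol2"))
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    for alert in scan(sample_events()):
        print(alert)
```

Because the function is a generator, it can consume a live event stream and emit each alert as soon as the threshold is crossed, which matches the real-time requirement discussed next.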
Real-time is Key
The auditing and reporting function needs to deliver its information automatically, in real-time. IT can’t manually run the auditing and reporting software; instead, the software needs to run continuously, alerting IT to any problems. The real-time requirement also means integrating auditing and reporting capabilities directly into the storage software rather than purchasing them from a third party after the fact.
A single feature, like encryption, doesn’t make a system secure. IT needs to meet the cyber-security challenge head-on by selecting a consolidated storage system with built-in data protection and data management. A consolidated system keeps IT from having to manage multiple security methods and simplifies overall storage management.
The consolidated system, with built-in data protection and management, provides the foundation for IT to then properly implement encryption. Data encryption needs to be in place from the first time the storage system is powered up, and no one should be able to disable it. Selective encryption creates the opportunity for data insecurities and inconsistencies in performance.
Finally, it may be possible to compromise even the best system. The storage system needs to provide real-time alerting on user file activity and on the status of volumes and file-systems.
As IT planners examine the concepts that create a cyber-secure storage system, they will also see that the same system solves many other problems. The cyber-secure system’s consolidation capabilities reduce storage management headaches, while its built-in data protection capabilities reduce pressure on the data protection process. Additionally, its ability to transparently move data to another system or to the cloud reduces the physical cost of the system and makes upgrades less likely.