When the subject of data security comes up, it often begins, and unfortunately, ends with encryption. Indeed, encrypting data is critical, but in most cases, if the hacker or malware program compromises a user or administrator account, then more than likely it will expose all the data to the hacker in the clear. Encryption as a cure-all for data breaches and protection against malware is overrated.
Encryption is the Primary Ingredient of the Security Sandwich
It is necessary to surround data encryption with strong authentication controls and advanced analytics to detect a breach before too much damage occurs. While most of the front-end authentication is the responsibility of network and security teams, the storage team has a role to play. User accounts, for the most part, have limited access to the environment, but these are the accounts on which the network and security teams focus their attention. Superuser accounts like those used to manage backup, replication and archive processes though are much harder to restrict and can do far more damage if breached. If the storage team can limit the number of superuser accounts it requires, then it can significantly reduce the impact of a breach.
A secure storage system, as we discussed in our recent webinar, “Three Reasons Storage Security is Failing and How to Fix it,” should provide the ability to have a single account provide data protection, data replication, data encryption and data archiving. A storage system with these capabilities could significantly reduce the number of required superuser accounts.
The other side of the security sandwich is analytics. IT needs to live in the reality that despite best efforts breaches will occur. Once a breach has occurred, IT’s primary objective is to identify the breach quickly and limit the damage. Analytics, running in real-time, can continuously scan for rapid file changes, the placement of executables on user data volumes, and consecutive failed login attempts. Once the system alerts IT to one or more of these situations, they can stop or eliminate the breach or malware.
Analytics and reporting also help with recovery. The reporting function should inform what files have changed. IT can then use the storage system’s protection capabilities, like snapshots, to restore just the infected file. Again, to learn more about why analytics is critical to delivering a completely secure storage system watch our on demand webinar “Three Reasons Storage Security is Failing and How to Fix it.”
There is no security silver bullet. Securing an organization’s data requires a multi-layer approach. Often overlooked though is the role of the storage system itself. If vendors deliver security capabilities integrated into their systems, then organizations are empowered to secure their data and recover from data breaches or malware.
To learn more about designing a cyber-secure storage system, watch our on demand webinar “Three Reasons Storage Security is Failing and How to Fix it.” Attendees to the webinar can download an exclusive copy of our latest eBook “Designing Storage for Cyber-Security” in the attachments section.