Tips to Tackle Storage Security Vulnerabilities

By CIOReview | Thursday, September 22, 2016

With a deluge of data being generated every day, it’s significantly important for organizations to store, maintain, and secure the data. Along with new technologies, new vulnerabilities and threats come into picture, requiring solid defense mechanisms to address these concerns. The vulnerabilities in the storage arena, has created the need for implementing stringent security measures.

Storage security is a collective process enabling the authorized and legitimate users to store and access storage resources. The security initiatives further necessitate technologies and stringent policies on storage access to enhance security of any storage resource. Moreover, the process deals with the security around the storage architecture and prevents access to all unidentified and malicious users.

The Key Elements in Storage Security

The first and the foremost key requisite is to understand the security risks against the information assets and data being stored. The risk involves; physical access to the system where the information is stored and logical access: the person responsible for accessing the operating system, applications and files. The risk is also based on the security value of the data by maintaining confidentiality, integrity and availability. Confidentiality restricts users to tamper with the data, integrity ensures consistency of the data, and availability includes handiness of the data when required.

List of Storage Vulnerabilities in the Organization

Storage servers play a crucial role in protecting the organization’s information. In case of SAN, NAS or any other server, the security concern should be given the prime importance. Whether implementing a new storage system or deploying additional servers, storage configuration can be exploited in an easy manner.

Starting with the vulnerabilities, the first and foremost is limited share and file-level access control through default OS or settings, further restricting the access. On the other hand, too much reliance on data encryption with poorly-coded applications can increase the chances of intruder’s penetrating and causing damage. In addition, lack of maintaining audit trails, and lack of monitoring on both personnel and processors eventually add up to vulnerabilities. Moreover, lack of protection for shared information containing sensitive information scattered around servers without access control and knowledge on the network administrator’s end, increases the associated risk in the organization.

Ways to Test Storage Security Vulnerabilities

Testing storage security requires the need for robust command line tools to scan the network using port scanner. It can further identify the device host and also examine if other services are running in the system.

In addition, testing also requires access to the network session in order to obtain CHAP information off the wire. The information can be gained by plugging into a span/ mirror/ monitor port on the Ethernet switch or through using an ARP positioning tool. After performing the test, user should also make sure that the results are analyzed and moreover, make recommendations before ensuring the result.

Solutions for Storage Security Vulnerabilities

Several combinations of policies and procedures, including technical solutions and training are the ideal way of dealing with storage security vulnerability. The policies and procedures in the organization incorporate data acquisition policy to retain and protect data. Technical policy includes implementing a user access policy and a disposal policy; meeting the information life-cycle of the data to be protected.

Technical policy should precisely focus on encrypting the data by managing the encryption keys. It should further deploy access controls to identify the user accessing the data. Ensuring data deduplication helps in eliminating the need for saving and storing duplicate files within the system.

Finally, the disaster recovery and business continuity; to ensure the availability of data do not infringe the security while accessing them.

The gradual growth in storage technologies overweighs security concerns through incorporating policies, risk analysis, physical security controls, logical security control, and audit. These steps further enable confidentiality, integrity and availability of the storage systems through identifying new evolving threats and vulnerabilities. Organizations can also tailor their storage architecture to provide strong storage security and defense.