StorageGuard - by Continuity™ - is the ONLY Security Posture Management solution for Storage & Backups, helping to ensure these systems are securely configured, and compliant with industry & security standards.
It’s all about the data.
One thing is clear. The “business value” of data continues to grow, making it an organization’s primary piece of intellectual property. And from a cyber risk perspective, attacks on data are the most prominent threat to organizations.
Regulators, cyber insurance firms, and auditors are paying much closer attention to the integrity, resilience, and recoverability of organization data – as well as the IT systems that store this data.
So, what does this mean for the security of enterprise storage & backup systems?
Ransomware has pushed data protection and recovery back onto the IT and corporate agenda. Throughout 2024, ransomware groups have been actively targeting enterprise storage and backup systems, to prevent recovery.
In a survey we ran throughout May-August 2024, we compiled feedback from Storage, Backup and IT Infrastructure leaders in Fortune 500 enterprises. You can access the full report here.
The purpose of this survey was to understand their plans and priorities for managing configuration of storage & backup environments, deploying new cyber recovery capabilities, as well as navigating audit compliance requirements.
The top 4 configuration areas Storage teams are looking to improve are:
1. 65% – Detect hardware or software reaching end-of-support
2. 53% – Detect deviation from ransomware protection best practices and vendor’s hardening guidelines
3. 53% – On-demand configuration compliance evidence reporting
4. 44% – Benchmark your security posture score against industry peers
The top 4 security & recoverability areas Storage teams are looking to improve are:
1. 77% – Backup and restore of system configuration
2. 63% – Data classification at the storage volume, pool or backup policy level
3. 58% – Detect devices exposed to security advisories and alerts
4. 42% – Detect immutability and isolation misconfigurations
The standards that are internally mandated for Storage, Data Protection and Backup Systems include:
1. 49% – NIST 800-53
2. 44% – PCI DSS
3. 33% – CIS
4. 30% – ISO/IEC 27000 series
Detect hardware or software reaching end-of-support
By proactively detecting and addressing end-of-support systems, you can ensure continuous security posture and data protection – while improving system reliability.
Detect deviation from ransomware protection best practices and vendor’s hardening guidelines
Key strategies include implementing immutable backups, secure snapshots, anomaly detection, user behavior analysis, multi-factor authentication (MFA), two-person integrity controls, and secure time synchronization.
On-demand configuration compliance evidence reporting
Manual evidence gathering is hugely time-consuming. By automating these tasks, organizations can operate at scale, efficiently manage diverse systems, and reduce dependence on individual team members, ultimately improving accuracy and consistency in compliance efforts.
Benchmark your security posture score against industry peers
Survey participants are keen on benchmarking their security posture against industry peers, probably because it provides a clear understanding of where they stand in terms of security maturity.
Backup and restore of system configuration
In conjunction with data backup, it is crucial to also regularly back up device and system configurations. System configuration includes settings, policies, and operational parameters, and is critical to the proper functioning and performance of storage and backup infrastructure.
Data classification at the storage volume, pool or backup policy level
By categorizing data based on its sensitivity—such as personally identifiable information (PII), protected health information (PHI), or social security numbers—organizations can apply appropriate access controls, encryption, and monitoring measures tailored to the level of risk associated with each data type.
Detect devices exposed to security advisories and alerts
In recent months, multiple vulnerabilities in storage and backup solutions have been discovered and actively exploited. These include CVE-2022-26500 and CVE-2022-26501 within Veeam Backup & Replication, which allow remote, unauthenticated attackers to execute arbitrary code, and CVE-2021-27876 within Veritas Backup Exec, which allows unauthorized file access through the Backup Exec Agent.
It’s only a matter of time until even more vulnerabilities are actively exploited by bad actors, putting petabytes of production data at risk, as well as backup copies. Here are some recent news headlines:
1. Acronis Warns Of Critical-Severity Vulnerability Being Exploited In Their Storage And Cyber Protection Platform: The security defect allows threat actors to execute arbitrary code remotely due to the use of default passwords, which could have dire consequences for the victims.
2. Lockbit Variant Targets Backup Software – Which Is Supposed To Help You Recover From Ransomware: Yet another new ransomware gang, EstateRansomware, is exploiting a Veeam vulnerability that was patched more than a year ago to drop file-encrypting malware, a LockBit variant, and extort payments from victims.
3. Vulnerabilities Expose Brocade SAN Appliances & Switches to Hacking: 18 vulnerabilities were identified in Brocade storage appliances, including unauthenticated flaws allowing remote attackers to log in to vulnerable devices as root.
Detect immutability and isolation misconfigurations
Here’s a list of do’s & don’ts for your immutable backups:
Do’s:
1. Configure the immutability retention period
2. Use secure time synchronization
3. Enable two-person rule on immutability related settings
4. Consider enabling anomaly detection
5. Secure underlying hardware components such as iDRAC, IPMI, BMC, iLO, etc.
6. Enable local user MFA
7. Limit number of sessions
8. Account Login Threshold
9. Restrict administrative access
10. Create Security Officer
11. Disable inactive users
12. Harden your backup catalog / repository
Don’ts:
1. Many vendor solutions offer multiple flavors of immutable backup – some are softer than others. Weaker immutability modes enable users to alter, disable or remove the immutability option altogether – that of course defeats the purpose of immutability – you want to avoid these modes.
2. Don’t use the same credentials to manage both primary storage and backup systems
3. Don’t enable unrestricted remote access
4. Don’t enable unsecure protocols such as FTP, Telnet or plaintext HTTP
5. Don’t use unrestricted or vulnerable file shares
6. Do not allow untrusted hosts to join the Backup domain
7. Don’t use default passwords
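Several of the do’s & don’ts above can be checked automatically against an exported settings snapshot. The following Python is an added example, not code from Continuity or StorageGuard; the settings schema, finding names, the "locked" mode value and both thresholds are hypothetical assumptions to be mapped onto whatever your backup platform actually reports.

```python
# Added example. The settings schema below is hypothetical and vendor-neutral;
# map each field to whatever your backup platform's API or CLI export reports.
INSECURE_PROTOCOLS = {"ftp", "telnet", "http"}

def audit_backup_system(cfg, primary_storage_admins=(), min_retention_days=30,
                        max_inactive_days=90):
    """Return sorted finding IDs; both thresholds are assumed policy values."""
    findings = set()
    imm = cfg.get("immutability", {})
    if not imm.get("enabled"):
        findings.add("immutability-disabled")
    else:
        if imm.get("retention_days", 0) < min_retention_days:
            findings.add("retention-too-short")
        if imm.get("mode") != "locked":  # any mode an admin can alter or remove
            findings.add("weak-immutability-mode")
        if not imm.get("two_person_rule"):
            findings.add("no-two-person-rule")
    if not cfg.get("time_sync", {}).get("authenticated"):
        findings.add("insecure-time-sync")
    for proto in INSECURE_PROTOCOLS & {p.lower() for p in cfg.get("services", [])}:
        findings.add(f"insecure-protocol:{proto}")
    # A missing allow-list is treated as unrestricted remote access.
    if "0.0.0.0/0" in cfg.get("admin_access_cidrs", ["0.0.0.0/0"]):
        findings.add("unrestricted-remote-access")
    for acct in cfg.get("accounts", []):
        name = acct["name"]
        if not acct.get("mfa"):
            findings.add(f"no-mfa:{name}")
        if acct.get("default_password"):
            findings.add(f"default-password:{name}")
        if acct.get("days_inactive", 0) > max_inactive_days:
            findings.add(f"inactive-user:{name}")
        if name in primary_storage_admins:  # same name as a proxy for shared credentials
            findings.add(f"shared-with-primary-storage:{name}")
    return sorted(findings)

# Constructed sample input, not taken from any real system.
SAMPLE = {
    "immutability": {"enabled": True, "retention_days": 7, "mode": "admin_removable",
                     "two_person_rule": False},
    "time_sync": {"servers": ["ntp.example.internal"], "authenticated": False},
    "services": ["https", "ssh", "Telnet"],
    "admin_access_cidrs": ["10.20.0.0/24"],
    "accounts": [
        {"name": "admin", "mfa": False, "default_password": True, "days_inactive": 2},
        {"name": "bkp-ops", "mfa": True, "default_password": False, "days_inactive": 200},
    ],
}

if __name__ == "__main__":
    print("\n".join(audit_backup_system(SAMPLE, primary_storage_admins={"admin"})))
```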
At the beginning of 2024, ISO released ISO/IEC 27040:2024, which provides recommendations for the security of storage & backup systems.
NIST SP 800-209 – Security Guidelines for Storage Infrastructure is one of the most authoritative guidelines in the industry. It includes a comprehensive set of recommendations for the secure deployment, configuration, and operation of storage & data protection systems.
The latest regulation to enter the scene in Europe is the Digital Operational Resilience Act (Regulation (EU) 2022/2554) – also known as DORA. The framework requires financial institutions to have a robust and resilient storage and backup system in place, to protect their data from unauthorized access, loss, or corruption.
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) provides comprehensive requirements for protecting cardholder data, which includes guidelines related to storage and backup systems, like regularly scanning and testing storage systems for vulnerabilities and implementing multi-factor authentication for access to storage systems.
CIS
The CIS (Center for Internet Security) Controls emphasize several key aspects in securing storage and backup systems, like ensuring backups are encrypted and stored securely, with controls to prevent unauthorized access.
It’s time to automate the secure configuration of your storage & backup systems.