Direct-attached storage (DAS) security is critical for all companies that use solid-state drives (SSDs), hard disk drives (HDDs), or arrays in conjunction with their computer systems.
DAS is directly connected to a computer or server, whether through a cable or installed inside the computer. It’s not accessed over a network and cannot be remotely accessed, such as from geographically separate data centers. DAS systems should be protected at the server and physical level, when sharing data, and by maintaining backups. The following guide to securing DAS systems provides recommendations for companies that need to protect their storage devices and arrays:
How to secure DAS
1.Computer and server protection
To secure servers and computers, businesses should implement the following technologies:
strong passwords
Teams should require strong individual passwords for users to receive access to the computer or server to which the storage device is connected. Once a user has access to the computing system, they have a clearer path to the HDD, SSD, or array attached to it.
Access controls
Aside from requiring strong passwords to enter the computer system initially, administrators should also implement access controls for all applications on the computer or server that permit DAS storage access. Only approved users should be able to view or manage files on the connected drives or arrays. This is also a form of segmentation, a computing technology that decreases lateral movement through the system. An attacker who is required to present credentials at each application entry point will have a more difficult time breaching programs.
Regular system updates
Computer systems and servers are vulnerable to attacks when they have out-of-date software and unpatched vulnerabilities. Often, attackers anticipate vulnerabilities and immediately breach a system when updates on a bug are released to the general public. Companies must be a step ahead and immediately patch their software or update to the latest version to protect against rapid attacks.
Learn more about how to defend common IT security vulnerabilities.
2. Security for physical premises
Since DAS is connected to a computer or server in either an office or data center setting, the storage device or devices can be physically stolen. Businesses should require all employees and contractors to present credentials, such as a key fob or badge, at their premises if they store their data at their office.
Data centers should have the same, if more, physical security: companies should require entry credentials, but server rooms with DAS should also require a separate key for entry. Only team members who absolutely need to access the server room should have a key, and two people should enter at the same time to decrease the risk of insider theft.
3. Securely sharing stored data
Because DAS cannot travel across a network, like a SAN, businesses must find secure ways to transfer stored data from arrays and disk drives. All data transfers should be encrypted end to end, and all shared files should have specific permission controls to determine not only who can edit the file, but who can view it.
4. Backup and availability practices
DAS is difficult to back up and make available, but storing backups of DAS data is still critical. It ensures that other copies of the data exist if a breach or system failure occurs. All hard drives, SSDs, and arrays should be backed up, and at least one copy of each device should be stored in a different location or in the cloud.
5.Continuous monitoring
Ensure that your business is frequently scanning all storage devices for malware. Each time you remove a device from one computer system, scan it for viruses before transferring it to a new system. If the device is infected with malware, installing it in a new computer or server will spread the malicious code farther. If it’s scanned before moving, the business is better able to quarantine the infected system and deal with the malware there, rather than in another system as well.
The computer systems on which DAS is installed should also be frequently scanned and monitored. If a user visited an application or website on that computer system and accidentally downloaded malware onto it, any connected storage could also be infected.
Learn more about data center security.
Commentaires
Enregistrer un commentaire