Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Leadership and ManagementLogical SecuritySecurity & Business Resilience

Object storage: An ally in defeating ransomware

By Paul Speciale
hacker ransomware
May 3, 2022

Ransomware attacks wherever it finds an opening — and the opening doesn’t have to be in an organization for it to be affected, as last year’s supply chain attacks have shown. Though an organization’s data storage solution isn’t typically considered part of their cybersecurity strategy, it certainly can help to secure critical assets.

Each layer of the information technology (IT) infrastructure stack — which includes servers, networks and storage — plays a role in helping maintain a strong security posture, and storage is no exception. Multiple types and presentations of storage are deployed today including network attached storage (NAS), storage area network (SAN) and object storage, each of them optimized for different types of data, workloads and use cases.

Object storage has become a common cornerstone of modern enterprise IT environments due to the rapid growth of unstructured data content. Object storage is deployed widely in security-sensitive domains such as financial services, healthcare (hospitals and biosciences), government agencies and more. Ransomware attacks are a current and real threat in these industries — and a costly one. Global ransomware costs are predicted to exceed $265 billion by 2031.

Attackers continuously innovate with new attack approaches and vectors, making preventing ransomware attacks a huge — and inevitable — challenge. Today, every organization is at risk, which means that preparing for early detection, protection and recovery from these attacks is essential. While object storage (and storage in general) is part of an overall secure infrastructure stack, the object storage layer should also provide capabilities to help protect and recover from attacks.

Authentication and access control

An object storage solution needs authentication; it should validate users when they come in and ensure they are authorized. Ideally, a user must first create an account, and then within the account, they need to present their access keys. Otherwise, they’re locked out.

The authentication process is a crucial element of security, ensuring only authorized users can access the information in data storage environments — and keeping bad actors out. Some object storage solutions provide a multi-tenancy model, or what’s referred to as Identity and Access Management (IAM) in the AWS cloud. This provides the notion of separated tenant accounts and users to ensure data is kept isolated and inaccessible to unauthorized users.

Security leaders can use the principle of least privilege access with an object storage solution — enforcing the minimal level of user rights or lowest clearance level needed for a user to perform their job. The administrator must explicitly allow some actions to happen, with granular control to allow/deny access to specific actions on data.

The value of secure data encryption

Another vital aspect of security is encryption, and it has two parts. First is the in-flight data and requests, which means that if a request comes into the system, it should be encrypted. That way, no snooping technology and no bad actor grabbing packets on the wire can figure out what the request is. That's usually done through secure sockets layer (SSL), which means security certificates. Security professionals can have an encrypted, secure connection into the system all the way to the end point — that’s for both the data and the commands. The command comes in, and nobody can figure out what it is unless they have a valid certification; it’s internal to the system.

The second part of encryption is what industry leaders call encryption at rest, which takes place when security professionals store the data. Object-level encryption is available in some storage solutions, so security leaders can decide which data is encrypted.

How object storage protects against ransomware

Data immutability is a natural outgrowth of object storage — it means data cannot be updated in place, as is the case with a file system. Instead, its basic behavior only provides create, read and delete actions. By enabling versioning at the Amazon S3 Bucket (container) layer, any writes to an existing object will retain the previous version before storing the new version. This naturally provides a recovery capability to the previous version state of the object.

Cybersecurity professionals can look to another technique to ensure data immutability: object locking through the Amazon S3 Object Lock API. Essentially, this implements an irrevocable retention period on data, during which the object cannot be updated, modified or deleted. This entirely prevents the common ransomware attack vector of encrypting data until a ransom is paid. This can be used for any stored data, whether the primary copy or a secondary (backup) copy, to provide an impenetrable defense against attacks.

Security leaders can look to object storage with object versioning, object locking and natural data immutability for ransomware protection and recovery capability in mission-critical use cases.

Joining forces

All industries are susceptible to the ransomware attacks that are running rampant these days. Storage may seem like an odd place to look to augment an organization’s cybersecurity stance, but it’s a real option. Encryption, authentication and data immutability are essential to protecting sensitive data against ransomware. These components help to create unbreakable cloud storage for data centers that preserves availability against ransomware attacks.  

KEYWORDS: cyber security threat data recovery data storage encryption Identity Authentication network storage devices ransomware

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

As Chief Marketing Officer at Scality, Paul Speciale leads the firm's global marketing organization across both product and corporate marketing. Paul’s experience spans 20+ years of industry experience in both Fortune 500 companies, such as IBM and Oracle, as well as several successful startups.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber-security.jpg

    The next evolution of cyber defense: Ransomware-proof object storage

    See More
  • Person using computer monitor

    An ally for organizations navigating the complex cyber terrain

    See More
  • data-center-freepik1170x658.jpg

    Storage: An essential part of a corporate cybersecurity strategy

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing