Ransomware attacks wherever it finds an opening — and the opening doesn’t have to be inside an organization for that organization to be affected, as last year’s supply chain attacks have shown. Though an organization’s data storage solution isn’t typically considered part of its cybersecurity strategy, it certainly can help secure critical assets.
Each layer of the information technology (IT) infrastructure stack — which includes servers, networks and storage — plays a role in helping maintain a strong security posture, and storage is no exception. Multiple types and presentations of storage are deployed today including network attached storage (NAS), storage area network (SAN) and object storage, each of them optimized for different types of data, workloads and use cases.
Object storage has become a common cornerstone of modern enterprise IT environments due to the rapid growth of unstructured data content. Object storage is deployed widely in security-sensitive domains such as financial services, healthcare (hospitals and biosciences), government agencies and more. Ransomware attacks are a current and real threat in these industries — and a costly one. Global ransomware costs are predicted to exceed $265 billion by 2031.
Attackers continuously develop new attack approaches and vectors, which makes preventing every ransomware attack a huge, and ultimately unavoidable, challenge. Today, every organization is at risk, which means that preparing for early detection, protection and recovery from these attacks is essential. While object storage (and storage in general) is part of an overall secure infrastructure stack, the object storage layer should also provide capabilities of its own to help protect against and recover from attacks.
Authentication and access control
An object storage solution needs authentication: it should verify who each user is when they connect and confirm that they are authorized for what they request. Ideally, a user must first create an account, and then present the access keys issued within that account; otherwise, they are locked out.
The authentication process is a crucial element of security, ensuring only authorized users can access the information in data storage environments — and keeping bad actors out. Some object storage solutions provide a multi-tenancy model, or what’s referred to as Identity and Access Management (IAM) in the AWS cloud. This provides the notion of separated tenant accounts and users to ensure data is kept isolated and inaccessible to unauthorized users.
Security leaders can use the principle of least privilege access with an object storage solution — enforcing the minimal level of user rights or lowest clearance level needed for a user to perform their job. The administrator must explicitly allow some actions to happen, with granular control to allow/deny access to specific actions on data.
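As an added illustration (not code from the article or from AWS), here is a small evaluator for the allow/deny model described above, run against a constructed IAM-style policy for a backup-writing identity. It reduces IAM to its core rule (everything implicitly denied, an explicit Deny wins, otherwise an explicit Allow is required) and deliberately ignores conditions, NotAction, resource-based policies and organization-level controls; the bucket name and object keys are made up.

```python
import fnmatch
import json

# Constructed example policy (not taken from the article): a backup-writer identity may
# create, read and list objects in one bucket, but may never delete object versions or
# weaken the bucket's versioning and retention settings, even if its keys leak.
BACKUP_WRITER_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::backup-bucket", "arn:aws:s3:::backup-bucket/*"]},
    {"Effect": "Deny",
     "Action": ["s3:DeleteObject*", "s3:PutBucketVersioning",
                "s3:PutObjectRetention", "s3:PutObjectLegalHold"],
     "Resource": ["arn:aws:s3:::backup-bucket", "arn:aws:s3:::backup-bucket/*"]}
  ]
}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(name, patterns):
    # IAM action and resource patterns use '*' and '?' wildcards; fnmatchcase behaves the same way
    return any(fnmatch.fnmatchcase(name, pat) for pat in _as_list(patterns))

def is_allowed(policy, action, resource):
    """Core IAM evaluation order: everything is implicitly denied, an explicit Deny
    wins over any Allow, and otherwise an explicit Allow is required."""
    explicit_deny = explicit_allow = False
    for stmt in policy["Statement"]:
        if not (_matches(action, stmt["Action"]) and _matches(resource, stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            explicit_deny = True
        elif stmt["Effect"] == "Allow":
            explicit_allow = True
    return explicit_allow and not explicit_deny

def least_privilege_report(policy):
    """Check the actions that must stay denied for this identity even if its keys are stolen."""
    obj, bucket = "arn:aws:s3:::backup-bucket/db-2024-01-01.bak", "arn:aws:s3:::backup-bucket"
    checks = [("s3:PutObject", obj), ("s3:GetObjectVersion", obj),
              ("s3:DeleteObjectVersion", obj), ("s3:PutObjectRetention", obj),
              ("s3:PutBucketVersioning", bucket), ("s3:GetObject", "arn:aws:s3:::other-bucket/x")]
    return {action: is_allowed(policy, action, res) for action, res in checks}
```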
The value of secure data encryption
Another vital aspect of security is encryption, and it has two parts. The first covers data and requests in flight: when a request comes into the system, it should be encrypted, so that no packet-capturing tool and no bad actor sniffing the wire can work out what the request contains. That is usually done through secure sockets layer (SSL), which relies on security certificates. Security professionals get an encrypted, secure connection into the system all the way to the endpoint, covering both the data and the commands. A command comes in, and nobody can read it without a valid certificate; decryption happens inside the system.
The second part of encryption is what industry leaders call encryption at rest, which takes place when security professionals store the data. Object-level encryption is available in some storage solutions, so security leaders can decide which data is encrypted.
How object storage protects against ransomware
Data immutability is a natural outgrowth of object storage: data cannot be updated in place, unlike in a file system. Instead, its basic behavior only provides create, read and delete actions. By enabling versioning at the Amazon S3 bucket (container) layer, any write to an existing object retains the previous version before storing the new one. This naturally provides the ability to recover the previous state of the object.
Cybersecurity professionals can look to another technique to ensure data immutability: object locking through the Amazon S3 Object Lock API. Essentially, this implements an irrevocable retention period on data, during which the object cannot be updated, modified or deleted. This entirely prevents the common ransomware attack vector of encrypting data until a ransom is paid. This can be used for any stored data, whether the primary copy or a secondary (backup) copy, to provide an impenetrable defense against attacks.
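As an added illustration (not code from the article or from Amazon), the constructed model below reproduces the two behaviors described above, versioning on every write and a compliance-mode Object Lock retention period on each version, and walks through an overwrite-and-purge scenario that ends in recovery from the retained version. It assumes compliance mode; S3 also offers governance mode, which principals holding the s3:BypassGovernanceRetention permission can override, so that mode gives a weaker guarantee for this purpose. The object key, contents and dates are made up.

```python
from datetime import datetime, timedelta, timezone
import itertools

class LockError(PermissionError):
    pass

class VersionedBucket:
    """Constructed model of a versioning-enabled bucket with compliance-mode Object Lock
    (not S3 itself): a write never overwrites, and a locked version cannot be deleted
    before its retain-until time, not even by an administrator."""
    def __init__(self, default_retention=None):
        self._versions = {}  # key -> [(version_id, body, retain_until)] oldest first
        self._default_retention = default_retention
        self._ids = itertools.count(1)

    def put_object(self, key, body, now):
        retain_until = now + self._default_retention if self._default_retention else None
        version_id = "v%d" % next(self._ids)
        self._versions.setdefault(key, []).append((version_id, body, retain_until))
        return version_id

    def get_object(self, key, version_id=None):
        versions = self._versions.get(key, [])
        for vid, body, _ in (versions[-1:] if version_id is None else versions):
            if version_id is None or vid == version_id:
                return body
        raise KeyError(key)

    def delete_object_version(self, key, version_id, now):
        for entry in self._versions.get(key, []):
            if entry[0] == version_id:
                if entry[2] is not None and now < entry[2]:
                    raise LockError("%s is locked until %s" % (version_id, entry[2].isoformat()))
                self._versions[key].remove(entry)
                return
        raise KeyError(version_id)

def recover_after_overwrite(now=datetime(2024, 1, 1, tzinfo=timezone.utc)):
    """Scenario: clean write, ransomware-style overwrite, attempted purge of history, recovery."""
    bucket = VersionedBucket(default_retention=timedelta(days=30))
    key, clean = "finance/ledger.csv", b"account,balance\n1001,250\n"  # constructed sample
    original = bucket.put_object(key, clean, now)
    bucket.put_object(key, b"\x00ENCRYPTED\x00", now)  # overwrite lands as a new version only
    try:
        bucket.delete_object_version(key, original, now)  # attempt to purge the clean version
        purged = True
    except LockError:
        purged = False  # retention period refused the delete
    bucket.put_object(key, bucket.get_object(key, version_id=original), now)  # restore
    return purged, bucket.get_object(key)
```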
Security leaders can look to object storage with object versioning, object locking and natural data immutability for ransomware protection and recovery capability in mission-critical use cases.
All industries are susceptible to the ransomware attacks that are running rampant these days. Storage may seem like an odd place to look to augment an organization’s cybersecurity stance, but it’s a real option. Encryption, authentication and data immutability are essential to protecting sensitive data against ransomware. These components help to create unbreakable cloud storage for data centers that preserves availability against ransomware attacks.