Configuration drift happens when the configurations of storage & backup systems and software deviate from a baseline or standard configuration over time. When this happens, it can inadvertently introduce vulnerabilities into the systems, paving the way for breaches.
- Changes to port zoning, file shares, LUNs, access rights, backup policies, administrative accesses and other configuration items can adversely affect the security posture of your storage and backup systems.
- Upgrades, updates and hotfixes to the storage operating environment (OE), storage firmware, storage software components and backup software often revert hardened security settings to insecure default values, without the organization being aware of it.
Such breaches can lead to loss of revenue, business disruption and damage to the organization's reputation. Organizations also stand to lose valuable data that they cannot necessarily recreate.
In addition, configuration drift can cause storage & backup systems to deviate from regulatory standards, inviting both security risks and legal repercussions, which include hefty fines and reputational damage.
Storage and backup system configurations change on a regular basis. So, it’s clear that staying on top of configuration drift and actively managing security misconfigurations can significantly mitigate these risks.
Why Is The Topic Of Securing Storage & Backup Systems Important?
There has been a significant increase in successful ransomware attacks on storage and backup systems in the past two years.
These include a ransomware attack on the National Health Laboratory Service (NHLS), in which the backup servers were deleted, and a cyberattack on the Sacramento law firm Mastagni Holstedt, in which the backup access credentials were compromised and used to delete the firm's backups. Unable to restore its network from backup, the firm was eventually forced to pay a ransom to the attackers to regain access to its data.
https://www.continuitysoftware.com/resources/?resources_category=headlines
In addition, ISO recently published ISO/IEC 27040, its updated standard for storage security, and further security guidance and regulation covering storage and backup has come from NIST, CIS, the EU's DORA and others.
Cyber criminals have realized that compromising the storage or backup environment is the single biggest factor determining whether an organization will pay the ransom.
How To Identify Configuration Drifts?
There are two approaches to identifying configuration drifts when they occur. One method involves manually reviewing each production configuration and comparing it to the recovery or secondary configuration. This is often done prior to a disaster recovery test and is very time consuming and expensive.
During the test planning process, various spreadsheets that list all storage & backup hardware and software devices are brought together across the IT departments for comparison and reconciliation.
These include traditional storage services (e.g., block, file, and object storage), storage virtualization, storage architectures designed for virtualized server environments, backup appliances, backup software, and storage resources hosted in the cloud. There are often large discrepancies between these different lists, which compound the effort and cause configuration gaps to be missed entirely.
The other method involves developing custom scripts that run periodically to search for these gap “signatures” left by a configuration drift.
This works well, but it is usually limited to a handful of gaps, since each script typically checks for a single one. The collection of scripts only grows as new configuration drifts are discovered through failed disaster recovery tests or, worse, failed production recovery efforts.
Managing a configuration baseline and a secure configuration process for your storage and backup systems is extremely difficult, since most vendor tools focus on host operating systems and web applications and cannot effectively communicate with the rather unique storage and backup technologies.
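The following Python script is an added example, not code from the original article or from any vendor's product. It shows the two checks a drift-hunting script needs: a diff of a current configuration export against a saved baseline (which catches unplanned changes such as a new administrative account), and a hardening policy applied to the current export on its own (which catches settings a firmware update has reverted to insecure defaults, as described above). The setting names, the two "exports" and the policy rules are all constructed for illustration and do not correspond to any specific vendor's CLI output; the categories used in the policy are the ones this article lists later.

```python
"""Detect configuration drift in a storage/backup system export.

Added example. The setting names and the two "exports" below are constructed
for illustration and do not correspond to any specific vendor's CLI output.
"""
from __future__ import annotations

# Constructed baseline export, captured right after the array was hardened.
BASELINE_EXPORT = """
mgmt.https_only = true
mgmt.ssh.protocol_v1 = disabled
mgmt.admin_accounts = admin,storage-ops
auth.ldap.enabled = true
auth.local_password_min_length = 14
audit.syslog.remote = 10.0.5.20:6514
audit.syslog.tls = true
nfs.share.finance.allowed_hosts = 10.0.10.0/24
snapshot.immutable_retention_days = 30
encryption.data_at_rest = enabled
"""

# Constructed export taken after a firmware update. Several hardened values
# have silently reverted to shipping defaults, and one unplanned change
# (an extra admin account) crept in that no hardening rule would flag.
POST_UPGRADE_EXPORT = """
mgmt.https_only = false
mgmt.ssh.protocol_v1 = enabled
mgmt.admin_accounts = admin,storage-ops,svc-backup
auth.ldap.enabled = true
auth.local_password_min_length = 8
audit.syslog.remote =
audit.syslog.tls = true
nfs.share.finance.allowed_hosts = 0.0.0.0/0
snapshot.immutable_retention_days = 30
encryption.data_at_rest = enabled
"""

# Hardening policy: setting -> (security category, predicate on the value).
# Thresholds and names are hypothetical; adapt them to the real platform.
POLICY = {
    "mgmt.https_only": ("Administrative access", lambda v: v == "true"),
    "mgmt.ssh.protocol_v1": ("Administrative access", lambda v: v == "disabled"),
    "auth.ldap.enabled": ("Authentication", lambda v: v == "true"),
    "auth.local_password_min_length": ("Authentication", lambda v: v.isdigit() and int(v) >= 12),
    "audit.syslog.remote": ("Audit logging", lambda v: v != ""),
    "audit.syslog.tls": ("Audit logging", lambda v: v == "true"),
    "nfs.share.finance.allowed_hosts": ("Access control", lambda v: v not in ("", "0.0.0.0/0", "*")),
    "snapshot.immutable_retention_days": ("Anti-ransomware", lambda v: v.isdigit() and int(v) >= 14),
    "encryption.data_at_rest": ("Encryption", lambda v: v == "enabled"),
}


def parse_export(text: str) -> dict[str, str]:
    """Parse 'key = value' lines into a dict; blank lines and '#' comments are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        settings[key.strip()] = value.strip()
    return settings


def detect_drift(baseline: dict[str, str], current: dict[str, str]) -> list[tuple[str, str | None, str | None]]:
    """Return (setting, baseline_value, current_value) for every difference.

    None on either side means the setting is absent from that export, which
    catches settings an update removed or newly introduced.
    """
    drift = []
    for key in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(key), current.get(key)
        if old != new:
            drift.append((key, old, new))
    return drift


def check_policy(current: dict[str, str]) -> list[tuple[str, str, str | None]]:
    """Return (category, setting, offending_value) for each hardening rule the export fails.

    A setting missing from the export is reported (value None) rather than
    ignored: "no value" is never evidence that a control is in place.
    """
    violations = []
    for key, (category, is_secure) in POLICY.items():
        value = current.get(key)
        if value is None or not is_secure(value):
            violations.append((category, key, value))
    return violations


def report(baseline_text: str, current_text: str) -> dict:
    """Run both checks over two raw exports; schedule this after every change window or update."""
    baseline, current = parse_export(baseline_text), parse_export(current_text)
    return {"drift": detect_drift(baseline, current), "violations": check_policy(current)}


if __name__ == "__main__":
    result = report(BASELINE_EXPORT, POST_UPGRADE_EXPORT)
    for key, old, new in result["drift"]:
        print(f"DRIFT      {key}: {old!r} -> {new!r}")
    for category, key, value in result["violations"]:
        print(f"VIOLATION  [{category}] {key} = {value!r}")
```

The two checks are deliberately separate. The baseline diff reports six changes, including the added `svc-backup` administrator, which is not a policy violation but is exactly the kind of unplanned change a reviewer should be asked to approve. The policy check reports five violations against the post-upgrade export and none against the baseline, so the baseline itself doubles as a regression test for the policy. In practice the exports would come from the platform's CLI or API on a schedule, and the approved baseline would be re-captured only after a reviewed change.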
Automating The Detection Of Storage & Backup Configuration Drift
Purpose-built solutions, like StorageGuard, can help you audit the configuration of storage & backup systems to ensure they're hardened and not vulnerable. These solutions automatically detect configuration drift and unauthorized changes, while validating that all systems adhere to the required baseline.
These configuration checks usually cover a wide range of security categories such as:
- Authentication
- Authorization
- Access control
- Administrative access
- Audit logging
- Malware protection
- Anti-ransomware
- Encryption
Purpose-built solutions detect and track changes to the storage & backup security configurations on a daily basis, thereby helping to identify unplanned or incorrect changes that may put these systems at risk.