Direct Attached Storage (DAS) security is critical to any business that uses solid state drives (SSDs), hard disk drives (HDDs), or arrays in conjunction with their computing systems.
DAS connects directly to a computer or server, either via a cable or installed in the computer. It is not accessed over a network and cannot be accessed remotely, e.g. B. from geographically separated data centers. DAS systems should be protected at the server and physical levels, while sharing data and by maintaining backups. The following guide to securing DAS systems provides recommendations for organizations that need to protect their storage devices and arrays:
How to secure DAS
1. Computer and server protection
To secure servers and computers, companies should implement the following technologies:
Teams should require strong individual passwords to allow users access to the computer or server to which the storage device is connected. Once a user has access to the computer system, they have a clearer route to the hard drives, SSDs or arrays attached to it.
Aside from requiring strong passwords for initial access to the computer system, administrators should also implement access controls for any applications on the computer or server that allow access to DAS storage. Only authorized users should be able to view or manage files on the connected drives or arrays. This is also a form of segmentation, a computer technology that reduces lateral movement through the system. An attacker who has to present credentials at each application entry point has a harder time breaching programs.
Regular system updates
Computer systems and servers are vulnerable to attack if they have outdated software and unpatched vulnerabilities. Attackers often anticipate vulnerabilities and immediately break into a system when updates on a bug are released to the general public. Organizations need to be one step ahead and patch or update their software to the latest version immediately to protect against rapid attacks.
learn more about how to defend common IT vulnerabilities.
2. Security for Physical Premises
Since DAS is connected to a computer or server in an office or data center, the storage device or devices can be physically stolen. Businesses should require all employees and contractors to present identification at their premises, such as a key fob or ID card, when storing their details at their office.
Data centers should have the same, if not better, physical security: Enterprises should require credentials, but server rooms with DAS should also require a separate key for access. Only team members who absolutely need access to the server room should have a key, and two people should enter at the same time to reduce the risk of insider theft.
3. Share saved data securely
Because DAS cannot travel over a network like a SAN, organizations must find secure ways to transfer stored data from arrays and disk drives. All data transfers should be end-to-end encrypted, and all shared files should have specific permission controls to determine not only who can edit but also view the file.
4. Backup and Availability Practices
DAS is difficult to back up and make available, but storing backups of DAS data is still critical. It ensures that other copies of the data exist if a breach or system failure occurs. All hard drives, SSDs, and arrays should be backed up, and at least one copy of each device should be stored off-site or in the cloud.
5. Continuous Monitoring
Make sure your company regularly scans all storage devices for malware. Any time you remove a device from a computer system, scan it for viruses before transferring it to a new system. If the device is infected with malware, installing it on a new computer or server will spread the malicious code further. If it is scanned before moving, the company is better able to quarantine the infected system and fight the malware there than in another system.
The computer systems on which DAS is installed should also be regularly scanned and monitored. If a user visits any application or website on this computer system and accidentally downloaded malware on it, any connected storage can also get infected.
learn more about Security in the data center.