Top 5 security risks for enterprise storage, backup devices
According to Continuity, the average enterprise storage and backup device contains 14 vulnerabilities, three of which are high or critical risk and might result in a large compromise if exploited.
The findings highlight a major gap in enterprise storage and backup security, demonstrating how far it lags behind the security of other levels of IT. With the increasing sophistication of data-centric attacks, large volumes of data at risk, and tightening restrictions, enterprise storage and backup security clearly necessitates immediate attention.
Securing enterprise storage and backup systems
“Securing enterprise storage and backup systems has become a critical part of organizations’ cyber resiliency strategies,” said Dennis Hahn, principal analyst, Data Center Storage and Data Management for analyst firm, Omdia. “As important as rapid data recovery is to business continuity if data is lost or stolen, it is arguably even more important to protect data anywhere it lives and not let storage and backup systems themselves become an entry point for attack.”
The analysis evaluated 245 environments with 8,589 storage and backup devices from key vendors such as Dell, NetApp, Veritas, Hitachi Vantara, Pure, Commvault, and others.
Almost 60% of the organizations were from the financial industry. Healthcare, financial services, telecommunications, media, maritime carriers, and IT services were among the other businesses.
Enterprise storage and backup device vulnerabilities
A total of 9,996 individual safety issues (e.g., vulnerabilities and security misconfigurations) were discovered, covering over 270 security principles that were not followed sufficiently.
On average, an enterprise storage and backup device contains 14 security risks, three of which are rated as high or critical, implying that if exploited, each would pose a serious vulnerability. This finding is nearly comparable to that of the previous year’s report, indicating that little has been done to address this high-risk sector.
While the deployment of immutable storage is increasing, it can lead to a false sense of security if not properly implemented, and sadly, the study discovered a considerable number of misconfiguration concerns related to these features.
Most ransomware attacks target unpatched vulnerabilities in storage and backup systems. Users are unaware that typical vulnerability management technologies do not adequately protect those systems.
The top five security risks
- Insecure network settings (use of vulnerable protocols, encryption ciphers, etc.)
- Unaddressed CVEs
- Access rights issues (over-exposure)
- Insecure user management and authentication
- Insufficient logging & auditing
“We conducted this research to offer greater insight into the scope of the problems in data storage and backup security,” said Gil Hecht, CEO of Continuity. “Not only did it help to quantify the high level of vulnerabilities and security misconfigurations in the average enterprise storage and backup system, it also underscores the importance of taking a proactive and automated approach to fixing them.”