Lecture 4

Lecture 4. Data storage

Data storage
Secure data storage:
Secure data storage is a set of manual and automated computing processes and technologies used to ensure the security and integrity of stored data. This may include physical protection of the hardware on which the data is stored, as well as security software.
Storage system vulnerabilities:
Another huge factor in the interest in data storage security is the vulnerabilities inherent in storage systems. These include the following:
Lack of encryption - While some high-end NAS and SAN devices include automatic encryption, most products on the market do not. This means that organisations need to install separate encryption software or hardware to ensure that their data is encrypted.
Cloud storage - More and more businesses are choosing to store some or all of their data in the cloud. While some argue that cloud storage is more secure than on-premises storage, the cloud adds complexity to the storage environment and often requires storage personnel to learn new tools and implement new procedures to ensure that data is properly protected.
Incomplete data destruction - When data is deleted from a hard drive or other storage media, it may leave traces that could allow unauthorised persons to recover the information. Administrators and storage managers should ensure that all data deleted from the storage is overwritten so that it cannot be recovered.
Principles of data storage security:
At the highest level, data storage security is aimed at ensuring CIA - confidentiality, integrity and availability.
Confidentiality: Maintaining data confidentiality by preventing unauthorised persons from accessing it over the network or locally is a key storage security principle to prevent data leakage.
Integrity: Data integrity in the context of data security means that data cannot be tampered with or altered.
Availability: In the context of storage security, availability means minimising the risk that storage resources will be destroyed or become unavailable, either intentionally, for example, during a DDoS attack, or accidentally, due to a natural disaster, power failure or mechanical failure.


Best practices for data protection:
To keep pace with these technological trends and address the inherent vulnerabilities of storage systems, experts recommend that organisations implement the following data security best practices:


1. Data storage security policies - businesses should have written policies that define the appropriate levels of security for the different types of data they hold. Obviously, publicly available data requires a much lower level of protection than restricted or sensitive data, so the organisation must have security models, procedures and tools in place to apply the appropriate protection. The policy should also include details of the security measures to be deployed on the storage devices used by the organisation.
2. Access control - Role-based access control is a must for a secure storage system, and in some cases, multi-factor authentication may be appropriate. Administrators should also be sure to change all default passwords on storage devices and ensure that users use strong passwords.
3. Encryption - data must be encrypted both in transit and in storage within the storage systems. Storage administrators must also have secure key management systems in place to keep track of encryption keys.
4. Preventing data loss - Many experts argue that encryption alone is not enough to ensure complete data protection. They recommend that organisations also deploy data loss prevention (DLP) solutions to help detect and stop any attacks that occur.
5. Reliable network security - storage systems do not exist in a vacuum; they must be surrounded by robust network security systems such as firewalls, malware protection, security gateways, intrusion detection systems, and possibly advanced analytics and machine learning security solutions. These measures should stop most cyberattacks before they reach storage devices.
6. Reliable endpoint protection - Similarly, organisations must also ensure that they have appropriate security measures in place on PCs, smartphones and other devices that will access stored data. These endpoints, especially mobile devices, can be a weak point in an organisation's cyber defences.
7. Redundancy - Not only does redundant storage, including RAID technology, help improve availability and performance, but in some cases it can also help organisations mitigate the impact of security incidents.
8. Backup and recovery - Some successful malware or ransomware attacks have compromised corporate networks so severely that the only way to recover is from backups. Storage managers need to ensure that their backup systems and processes are adequate for such events, as well as for disaster recovery purposes. In addition, they must ensure that backup systems have the same level of data protection as the primary systems.