your123 - stock.adobe.com
Explore 5 secure data storage best practices
From access control to air gapping and beyond, IT administrators should employ several technologies and procedures to help ensure they have secure data storage.
If you're a storage administrator and you're not consistently thinking about security, you're doing it wrong.
Secure data storage is a critical component of IT infrastructure, especially given the state of today's risks and threats. Ransomware and other cyber attacks continue to run rampant, while remote work still means data may not be as secure as needed. Make sure to align with secure data storage best practices and have a layered strategy to help keep your organization running.
Access control regulates who can use data in a storage environment and helps to minimize risk. The practice identifies, verifies and authorizes a user to the access level set by the organization. Role-based access control is one particularly popular form based on defined business functions instead of user identity. Access control software and tools can help with such tasks as reporting and monitoring, password management, provisioning and security policy enforcement.
An air gap isolates data so that it cannot connect with other computers or networks. Air-gapped data is typically safe from cyber attacks such as ransomware because attackers cannot reach it. Tape is one example of secure data storage that has an air gap because a cartridge on a shelf is not connected to a network. While it's not feasible to have only air-gapped storage, it should be one piece of an overall IT infrastructure and security strategy.
Cloud storage encryption
Cloud storage providers offer the valuable service of encryption with customer data. Providers encrypt data in transit to and from cloud-based applications and storage and to authorized users in various locations. Cloud storage encryption prevents unauthorized users from reading data as it travels to and from the cloud or when it is in storage.
Customers must make sure that the encryption capabilities of the cloud provider match the level of sensitivity of the data. They also need to decide whether the cloud provider or the organization should hold the encryption keys.
Immutable data storage
Immutable storage is similar to cloud storage encryption in that it helps prevent bad actors from tampering with data. Immutability means data cannot be modified or deleted. Write once, read many tape is a classic example of immutable storage. However, other forms of storage media -- disks, SSDs and the cloud -- can be immutable as well. Experts often highlight immutability as one of many prevention mechanisms against ransomware -- if attackers can't change the data, they can't hold it for ransom.
Tape brings many secure data storage best practices together. Though some like to write it off, tape has seen a resurgence of late in its use as safe data storage against cyberthreats. Tape storage has an inherent air gap, offers encryption and provides immutability. Its drawbacks include slow access and recovery time, so tape should be one element in a storage administrator's toolbox. For example, tape is a strong choice for archiving because that data typically doesn't need quick access.