
The impact of emerging technologies on SANs

AI, NVMe-oF and zero-trust models are revolutionizing SAN security, but expanded attack surfaces demand stronger encryption and continuous monitoring for enterprise storage.

Storage area networks (SANs) have traditionally been among the workhorses in enterprise data centers. Their perimeter-based approach to storage management is rapidly being superseded by several important advances in technology. This article examines several important emerging technologies and their impact on SAN performance, especially with respect to security.

Advances such as AI and machine learning (ML), next-generation encryption, hyperconverged infrastructures and robust automation are transforming SANs into zero-trust, high-performance storage ecosystems. From a security perspective, malware detection is improving, continuous monitoring is the norm and overall SAN resilience to security breaches has dramatically improved.

All these benefits come with challenges, naturally, such as increased costs, complex deployment dynamics, expanded potential attack surfaces and the need for greater technical skills to manage them effectively. 

The following sections examine some of the important technology advances and their impact on SANs and SAN security. 

AI and ML workloads and low-latency data access requirements

The introduction of AI and ML activities and their associated workloads has altered how SANs are employed. By extension, it has also increased the security requirements. Greater traffic from AI-driven storage activities strains existing SAN bandwidth, resulting in increased latency and slower response times. Such traffic growth also generates a commensurate increase in potential attack surfaces. The greater need for ensuring the confidentiality, integrity and availability of the data in transit and at rest means that encryption is highly important. The increased likelihood of AI-based attacks means SAN configurations could be at risk, including potential manipulation of zoning and masking activities. Enterprises considering advanced SAN security should ensure that AI-supported tools are in place to provide the highest level of protection.

NVMe-oF and NVMe/TCP

Storage devices that use Non-Volatile Memory Express (NVMe) technology typically have higher read/write speeds than other interfaces. A current variant of the NVMe protocol is NVMe over Fabrics (NVMe-oF), which supports high-speed data transfers between hosts and solid-state storage devices (SSDs) over different network fabrics, such as Ethernet and Fibre Channel.

The technology increases the potential attack surface by boosting the number of hosts, networks and storage devices supported. An IP variant called NVMe/TCP (NVMe over Transmission Control Protocol) may open the door to spoofing and network-layer attacks. Encryption is pretty much mandatory.

Cyber-resilient storage

Resilience, the ability to survive security breaches by learning from the attack and adapting remediation activities for better protection in the future, has become a primary SAN security requirement. Cyber-resilient storage strategies include snapshots, air-gapping, automated recovery, zero-trust architectures and analysis of monitored network behavior. AI also plays a major role in achieving resilience.

Hybrid and multi-cloud SAN

Whereas SANs have traditionally been confined to data centers, new cloud-based architectures extend a SAN's reach outside data centers. New implementations can include cloud and in-house (hybrid) configurations as well as multi-cloud arrangements. The use of APIs for service provisioning and monitoring by cloud-adjacent SANs can introduce new targets for cyberattacks. Extending a SAN's reach beyond the data center may affect role-based access control (RBAC) across multiple endpoints. Cross-environment encryption keys and other elements can also be inconsistent.

From hybrid to all-flash SANs

Depending on the business and disaster recovery requirements, current SANs may connect a variety of storage devices, including hard disk drives, tape systems and SSDs. Evolving to an all-SSD infrastructure supports faster read/write speeds and storage capacity, while security challenges might also increase. Encryption technologies, therefore, must also support higher network speeds.

Those same high speeds mean that attackers gaining entry to the network will move faster and inflict damage more quickly. Firmware and device controllers needed for SSDs may introduce unintended supply chain and technology risks.

The future of SAN implementations

SAN planning and implementation strategies, going forward, will need to focus on and prioritize several key SAN security attributes, as noted earlier in this article and in the following section:

  • Stronger access controls -- A strategy built on zero trust will be essential in every part of the SAN infrastructure. This will necessitate strong authentication for access to all devices, identification confirmed using role-based access control (RBAC), as well as policy-driven zoning and masking.
  • End-to-end encryption -- Whereas today encryption in motion and at rest is the norm, next-generation SANs will need full end-to-end encryption for all traffic, regardless of the network fabric used. Enhanced encryption key management may include auditing, advanced rotation and lifecycle controls.
  • Enhanced governance activities -- These will be necessary for managing complex next-generation SANs, addressing access controls, multiple network fabrics such as Fibre Channel and NVMe-oF, continuous monitoring of network traffic, encryption, advanced anomaly detection and AI/ML deployments.
  • Dynamic incident management -- Owing to the speeds and complexity expected with next-generation SANs, incident response plans will need to detect suspicious code and analyze it quickly, before launching remediation efforts. AI is likely to be a major part of future incident response activities, as it can detect and analyze suspicious code more quickly and launch response measures to neutralize attacks.
  • Compliance management -- Ensuring that data over SANs is protected from security breaches and has optimum privacy will be necessary to comply with strict regulatory requirements from the EU GDPR and specifications outlined in ISO 27001.
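
The policy-driven zoning and masking named in the first bullet, and the risk of zoning and masking manipulation raised in the AI and ML section, can be monitored by comparing the live configuration against an approved baseline. The Python below is an added example, not code from this article or from any vendor; the zone names, LUN names, WWPNs and dictionary layout are constructed, and exporting the live configuration from a switch or array is assumed to happen elsewhere.

```python
import re

def norm_wwpn(raw):
    """Canonicalise a WWPN to 16 lowercase hex digits; reject anything else."""
    digits = re.sub(r"[:\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{16}", digits):
        raise ValueError(f"not a WWPN: {raw!r}")
    return digits

def norm_map(mapping):
    """Normalise every member so case or separator changes cannot hide drift."""
    return {name: {norm_wwpn(w) for w in members} for name, members in mapping.items()}

def diff_access(kind, approved, observed):
    """Compare one access map (zones or LUN masking views) with its baseline."""
    approved, observed = norm_map(approved), norm_map(observed)
    findings = []
    for name in sorted(approved.keys() | observed.keys()):
        if name not in approved:
            findings.append(("HIGH", kind, name, "not in approved policy"))
        elif name not in observed:
            findings.append(("MEDIUM", kind, name, "approved but missing"))
        else:
            # Extra members widen access; missing members threaten availability.
            for w in sorted(observed[name] - approved[name]):
                findings.append(("HIGH", kind, name, f"unapproved member {w}"))
            for w in sorted(approved[name] - observed[name]):
                findings.append(("MEDIUM", kind, name, f"approved member {w} removed"))
    return findings

# Constructed sample data (hypothetical names and WWPNs, not from a real fabric).
APPROVED_ZONES = {"z_db01_arrayA": ["10:00:00:00:c9:aa:bb:01", "50:06:01:60:3b:a0:11:22"]}
OBSERVED_ZONES = {
    "z_db01_arrayA": ["10:00:00:00:C9:AA:BB:01", "50:06:01:60:3b:a0:11:22",
                      "10:00:00:00:c9:de:ad:99"],
    "z_tmp": ["10:00:00:00:c9:de:ad:99", "50:06:01:60:3b:a0:11:22"],
}
APPROVED_MASKS = {"lun_17": ["10:00:00:00:c9:aa:bb:01"]}
OBSERVED_MASKS = {"lun_17": ["10:00:00:00:c9:de:ad:99"]}

def audit():
    """Return all drift findings for the constructed zoning and masking data."""
    return (diff_access("zone", APPROVED_ZONES, OBSERVED_ZONES)
            + diff_access("mask", APPROVED_MASKS, OBSERVED_MASKS))

if __name__ == "__main__":
    for sev, kind, name, detail in audit():
        print(f"{sev:6} {kind:4} {name}: {detail}")
```

Run on a schedule against fresh exports, the HIGH findings are the ones to route to incident response, since they show access that the approved policy never granted.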

Technologies discussed in this article can help boost SAN performance, making them faster, more intelligent and resilient. Along with the performance benefits, senior IT leaders must also remember that next-generation SANs may have larger attack surfaces and commensurate exposure to threats. This means that SANs will increasingly depend on high-performance automation and continuous monitoring.

Paul Kirvan, FBCI, CISA, is an independent consultant and technical writer with more than 35 years of experience in business continuity, disaster recovery, resilience, cybersecurity, GRC, telecom and technical writing.
