Getty Images/iStockphoto

Cloud malware protection is a path to object cyberstorage

Hyperscaler service offerings to detect or eliminate malware add features that analysts call cyberstorage to common object storage, a step toward improving security standards.

Managed ransomware detection services offered by AWS and Microsoft Azure bring cyberstorage capabilities to cloud object storage, the "dumping ground" of enterprise data.

AWS released Amazon GuardDuty Malware Protection for S3, a managed service that detects malicious files uploaded into selected S3 object storage buckets, during the vendor's re:Inforce 2024 conference last month. The S3 capability complements existing services for block storage in EBS, compute with EC2 and containers, according to AWS.

Last year, Azure released Malware Scanning in Defender for Storage, a similar managed service that detects malware uploaded to Azure Blob storage, the Azure cloud's S3 equivalent for object storage.

Such detection services could help combat malware, especially for enterprises that need to open their networks up to the larger internet, but they provide only one small component of the cyberstorage ideal, said Krista Macomber, an analyst at Futurum Group.

Gartner defines cyberstorage as active defense technologies that identify, protect, detect, respond to and recover from ransomware attacks on unstructured data storage.

More mature cyberstorage strategies will require services like GuardDuty Malware Protection alongside comprehensive infrastructure planning that involves cooperation between security and infrastructure teams, according to Macomber and other analysts.

"There's not going to be a single SKU [for cyberstorage]," Macomber said. "It's going to be more a comprehensive checklist of what the table stakes are that we need to have to ensure resiliency from our primary and secondary storage."

Hyperscaler offers take cybersecurity seriously

Amazon GuardDuty Malware Protection for S3 is an agentless scanning capability that evaluates new objects uploaded to S3 buckets, using third-party malware engines for scanning and definitions, according to AWS.

AWS said the service specifically looks at new objects being uploaded into an S3 bucket in near real time. Other AWS services such as Amazon EventBridge can handle post-upload actions like tagging and quarantining.

The AWS malware protection service is priced per gigabyte of volume scanned and number of objects evaluated per month, with a limited AWS Free Tier version available.

Azure's Malware Scanning in Defender for Storage offers a similar suite of capabilities for Azure Blob storage. Other cloud vendors such as Google Cloud and Oracle Cloud Infrastructure provide reference architectures for creating similar capabilities, but do not offer managed services for scanning object storage.

These security releases show that hyperscalers are starting to take the security of their object data stores more seriously, said Jerome Wendt, founder and president of Data Center Intelligence Group. Compared with competing storage vendors, hyperscalers like AWS can quickly iterate on these services and capabilities to offer them at scale.

"This is Amazon's first step toward looking at data being stored in S3," Wendt said. "It's a maturing of existing technologies that are already out there."

Chart from Enterprise Strategy Group data showing how often enterprises suffer from ransomware attacks.
TechTarget's Enterprise Strategy Group found that almost 30% of enterprises experience sporadic ransomware attacks annually.

The managed GuardDuty service for S3 provides only monitoring and alerts of malware, so it's important for enterprises to have additional security available that's configured according to their needs to halt and quarantine malware, Wendt added. Security features for backups such as immutable snapshots could likely result in future headaches after permanently locking corruption into the backup system.

"Your data is still your responsibility, never lose sight of that," Wendt said. "Storing in an immutable format doesn't mean it gets rid of the ransomware [threat]."

Object cyberstorage

All storage products will include "cyberstorage capabilities focused on active defense beyond recovery from cyber events" by 2028, according to Gartner's 2023 "Magic Quadrant for Distributed File Systems and Object Storage" report.

Jeff Vogel, an analyst at Gartner and one of the report's authors, estimated that only 10% of storage products on the market offer cyberstorage as defined by Gartner today.

The primary storage environment is a pivotal security concern for enterprises as it has become a common target for malware attacks, he said.

Hybrid infrastructure storage vendors such as HPE, IBM and Pure Storage, among others, offer mature storage software and hardware ecosystems to support more resilient storage environments compared with native hyperscaler offerings, Vogel said. These vendors can offer meaningful service-level agreements (SLAs) for ensuring storage uptime and security compared with the shared-responsibility model employed in cloud offerings.

"[Clouds] are competing with on-premises enterprise storage," Vogel said. "Business-critical infrastructure started on premises, and a large percentage is still on premises."

Such suites and SLAs are only the start, however, as many enterprises should adopt security frameworks, such as NIST and its variants, to further harden infrastructure, Vogel said. Enterprise IT should understand the impact a hack could have on the overall organization's business and people, beyond the inconvenience of a digital mess.

"It's not just about file corruption or exfiltration, but [about] the damage the threat could actually do," Vogel said. "[The] recovery aspect alone is just inadequate."

Object storage is no longer your digital dumping ground.
Krista MacomberAnalyst, Futurum Group

As hyperscalers begin pivoting their storage offerings more into cyberstorage, Vogel expects many to seek out partnerships with existing storage companies to fill that need. Azure, AWS and Google have all partnered with NetApp for storage offerings, for instance.

These concerns about object storage, however, show that the format has evolved from a secondary or tertiary backup service into a primary storage workhorse, Macomber said.

"Object storage is no longer your digital dumping ground," she said.

Tim McCarthy is a news writer for TechTarget Editorial covering cloud and data storage.

Dig Deeper on Cloud storage

Disaster Recovery
Data Backup
Data Center
and ESG