Evaluating Storage System Security

Storing digital data successfully requires a balance of availability, cost, performance and reliability. With the emergence of low-power, petabyte-scale archival storage and flash-based systems, it is getting increasingly difficult to quantify performance, reliability and space-efficiency trade-offs, especially when coupled with storage-security factors. Storage performance is measured by latency, throughput (bandwidth) and IOPS, with throughput typically presented as overall sustained (long) and peak (short) transfer rates; once storage security is employed, it is measured in a wide variety of non-uniform and unique ways.

Although much work has been done on defining, testing and implementing mechanisms to safeguard data storage in long-term archival storage systems, data security verification in our cloud-based, mobile-driven, virtual containerized software-defined remote storage world remains a unique and ongoing challenge.

Data security can be ensured in a variety of ways depending on the level of security desired, performance and the level of tolerance of user-inconvenience. Most storage systems rely on encrypting data over the wire or by on-disk data encryption, typically using pre-computed checksums and secure hashes, but with no standardized parameters or protocol for comparison between network or on-disk performance and integrity while in actual use.

In today’s multi-tenant virtualized container storage environments, containers depend on a different approach to virtualization: rather than virtualizing the hardware (CPU, memory, network, storage) and running a guest OS on top of it, containerization separates users and processes from each other. Multi-tenant security is especially important given the heavy reliance on 24xforever mobile data access from containerized cloud storage, where the top-10 security issues identified in 2015 by OWASP (www.owasp.org) were:

  • Insecure data storage
  • Weak server-side controls
  • Insufficient transport layer protection
  • Client-side injection
  • Poor authorization & authentication
  • Improper session handling
  • Security decisions via un-trusted inputs
  • Side-channel data leakage
  • Broken cryptography
  • Sensitive information disclosure

Docker, one of the most prevalent container technologies deployed today, has just recently addressed container user-security concerns by separating daily container operation privileges from root privileges on the server host, thus minimizing risk of cross-tenant user namespace and root server/data access.

The Center for Internet Security, an independent authority rather than a standards body, recently released a series of internet security benchmarks (https://benchmarks.cisecurity.org). These resources are based on recommended, industry-accepted FISMA, PCI, HIPAA and other system hardening standards, and help in mitigating security risk for virtualized container storage infrastructure implementations. Although a number of new technology products are being introduced that focus specifically on virtual container data security, what does ‘secure’ really mean in the container context: secure container access, valid container data, native security of the application(s) in the container, etc.?

Most container data volumes today are tied to a specific virtual server, and if the container fails or is moved from that server to another, the connection to the data volume is lost (no persistent storage), regardless of the security parameters employed. For virtual container data to be truly secure, a fully distributed, reliable, secure read/write container file system must be employed to ensure secure, resilient cloud deployments. Ideally, this can be achieved with a container-native cloud deployment on bare metal, without the use of virtual machines, making the container’s data lifecycle and application scalability independent of the container’s host while minimizing the future cost and complexity of provisioning and managing virtual machine server hosts. That, coupled with a hardware-secured, write-once data storage device tier, can truly ensure long-term data storage security irrespective of whether encryption is used.

Additionally, and most importantly, cloud data storage encryption keys, although defined within the facets of the SNIA-based Cloud Data Management Interface (CDMI) key management interoperability protocol (KMIP) proposed standard, require better widespread adoption, as most crypto key management today is either at the specific storage device level, with a single point of key-access failure, or a cloud provider-managed option. Lose the key(s), lose the data, no matter how securely managed or replicated!

Clients acting in the role of using a data storage interface

Some data storage security basics:

  • Physical security is essential.
  • Develop internal storage security standards (authentication/authorization/access control methods, configuration templates, encryption requirements, security architecture, zoning, etc.).
  • Document, maintain and enforce security policies that cover availability, confidentiality and integrity for storage-specific areas.
  • Ensure basic access controls are in place to determine your policies; change insecure access permissions.
  • Unload unnecessary/not-required storage services related to NFS (mountd, statd, and lockd).
  • Limit and control network-based permissions for network volumes and shares.
  • Ensure proper authentication and credential verification is taking place at one or more layers above storage devices (within the host operating system, applications and databases).
  • Operating system, application and database-centric storage safeguards are inadequate. Consider vendor-specific and/or third-party storage security add-ons.
  • Ensure audit logging is taking place for storage security accountability.
  • Perform semi-annual information audits of physical location inventory and critical information assets.
  • Separate storage administration and maintenance accounts with strong passwords for both accountability and to minimize potential compromised-account damage.
  • Encrypting data in transit helps, but should not be relied on exclusively.
  • Carefully consider software-based storage encryption solutions for critical systems (key management).
  • Evaluate and consider hardware-based drive encryption on the client side.
  • Carefully select a unified encryption key management platform that includes centralized key lifecycle management.
  • Deploy Boolean-based file/stream access control expressions (ACEs) in container environments to simplify permission granting to users/groups across data files/directories while providing an additional data protection level in multi-tenant environments.
  • Evaluate OASIS and XACML policy-based schemas for secure access control.
  • Evaluate and consider write-once data storage technology for long-term archival storage tiers.
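
The items above on insecure access permissions and on limiting network-based permissions for shares can be checked mechanically on an NFS server. The following is an added example, not part of the original article: it assumes the Linux `/etc/exports` syntax, runs over a constructed sample file, and the issue labels it reports are this example's own.

```python
import re

# Constructed sample in /etc/exports format (not taken from the page).
SAMPLE_EXPORTS = """\
# constructed example
/srv/projects   10.0.5.0/24(rw,sync,root_squash)
/srv/archive    backup01.example.internal(ro,sync)
/srv/scratch    *(rw,no_root_squash)
/home           admin01.example.internal (rw,sync)
/srv/legacy     10.0.9.17(rw,insecure,sync)
"""

# One client spec: optional client name, optional "(opt,opt,...)".
SPEC_RE = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")


def parse_exports(text):
    """Return (lineno, path, client, options) per client spec.

    Simplified: no quoted paths and no backslash line continuations.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        defaults = []
        for spec in specs:
            if spec.startswith("-"):          # "-opts" sets per-line defaults
                defaults = spec[1:].split(",")
                continue
            m = SPEC_RE.fullmatch(spec)
            if not m:
                continue                      # malformed spec, ignored here
            client, opts = m.group(1), m.group(2)
            options = defaults + (opts.split(",") if opts else [])
            # An empty client, as in "host (rw)", matches every host.
            entries.append((lineno, path, client or "*", set(options)))
    return entries


def audit_exports(text):
    """Return (lineno, path, client, issue) for risky export settings."""
    findings = []
    for lineno, path, client, options in parse_exports(text):
        if client == "*":
            # Exports are read-only unless "rw" is given.
            issue = "world-rw" if "rw" in options else "world-ro"
            findings.append((lineno, path, client, issue))
        if "no_root_squash" in options:       # client root keeps uid 0
            findings.append((lineno, path, client, "no-root-squash"))
        if "insecure" in options:             # source ports above 1023 accepted
            findings.append((lineno, path, client, "insecure-port"))
    return findings


if __name__ == "__main__":
    for lineno, path, client, issue in audit_exports(SAMPLE_EXPORTS):
        print(f"line {lineno}: {path} -> {client}: {issue}")
```

The `/home` line in the sample shows the stray space before `(rw,sync)`: the named host gets the default options and the writable export goes to every host.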

Don’t Get Caught With Your Pants Down

Here at Digistor we’re aware of the concern over recent high-profile data breaches – but did you realize the same scalable solution Facebook is implementing for a complete revamping of their secure storage backups is already available to you as a consumer? The need for worry-free systems that offer as much – or as little – space as you need is growing for companies and individuals, alike.

Repeated Violations of Privacy Are More Scandalous than Leaked Photos.

Right on the heels of the cringe-inducing publicity of several high profile hacked iCloud accounts that left a nation of casual cloud-storage users feeling vulnerable, comes another system attack that should have every responsible vendor searching for more secure options.

Home Depot has confirmed that on Monday hackers were able to break into the chain’s in-store payment systems in what could be the largest known data breach of any retail company’s computer network. According to recent coverage by the NY Times, affected customers could number over 60 million.

Data Breaches Cost More Than Your Reputation

The sheer scale of customers affected by Home Depot’s data breach surpasses last year’s title-holding hacker attack into Target’s systems, an ordeal that affected 40 million customers across the US and Canada.

And if that wasn’t embarrassing enough, Home Depot’s attempts to offer reconciliation include a paltry offering of identity protection and credit monitoring services, which hasn’t deterred customers in Georgia from already filing a class-action lawsuit against the retailer for failing to protect customers from fraud or alerting them in a timely manner.

With companies being held legally liable for the security of their customers’ data, is it any wonder that Facebook kicked off this year by building a Blu-ray storage system? Their 10,000 disc strong system amounts to over a petabyte of energy-efficient, secure data storage.

Digistor’s Solutions Back Up More Than Your Data

The NY Times has reported that

“The Department of Homeland Security and the Secret Service recently estimated that more than 1,000 businesses in the United States had been infected with malware that is programmed to siphon payment card details from cash registers in stores. They believed that many of these businesses did not even know they were sharing customers’ credit card information.”

NPR’s All Tech Considered has coined the phrase “Data Breach-Fatigue” when discussing the overwhelming feeling of numbness consumers have regarding the repeated notifications from businesses large and small to keep an eagle eye on their accounts.

“We are in the trough of disillusionment,” says Gartner security analyst Avivah Litan. “Over 1,000 retailers have been hit; it’s not limited to Home Depot. There are 999 others that no one’s talking about.”

As a business owner, the fear of a data breach increases with the knowledge that your system’s security is depended upon by others. And when faulty security has the capability to both cripple a company’s good name, and their bottom line if found responsible for restitution, you may find yourself turning to alternatives for secure data storage and archiving.

Dropbox replacing the Hard Drive?

We would like to share this article posted today on readwrite.com. CEO Drew Houston says Dropbox is “replacing the hard drive.”  We are huge fans of Dropbox and use it regularly, however this article makes some great points about potential setbacks of relying solely on the cloud as a data storage solution.

Source: http://readwrite.com/2013/07/16/dropbox-replace-hard-drive

How to: Pause an Archive Mid-burn with REWIND’s Finish Later Feature

REWIND™ is an easy to use data storage application to archive all your digital assets permanently to Blu-ray disc. We give you full control over your Blu-ray hardware. REWIND has the ability to finish your archive on your schedule. We built REWIND with a unique Finish Later feature, to pause your archive mid-burn and let you finish the archive later, picking up right where you left off.

REWIND Archiving software runs on both PC and Mac computers. The Finish Later feature demonstrated below is only available with REWIND. No other Blu-ray burning software to-date has such control of burning Blu-ray discs.

Via: DIGISTOR YouTube Channel
Product Page: REWIND™ Archiving Software for PC and Mac – DIG-RE110

Why Would I Need to Back Up My PS3?

That is exactly what I asked myself about a month before my Playstation 3 hard drive crashed on me.  While I have always been cautious about my computer back-ups and archiving precious documents I never spent time thinking about all the media files I keep on my PS3.  Then one day my Playstation 3 hard drive crashed and all my content was gone! I had years of movies, music and photos accumulated and it was now all gone. I was upset about this and wondered why there was not a very easy way to back up your Playstation 3.

So the next day I came into the DIGISTOR offices and spoke to some of our design engineers, wondering why there was not a simple and inexpensive way to back up your Playstation 3. It ends up our awesome engineering team already had a solution they had been using internally and testing was nearly complete! There had been a lot of talk about the value of an external media and backup drive for Playstation 3, but we were not sure of the market’s interest level in such a product. I asked our lab for one of their prototypes and sent some home with our employees to use. The conclusion was that this DIGISTOR Playstation 3 hard drive was very easy to use and we thought our customers would also enjoy the ability to easily back up their entire PS3 operating system. Once we had completed our development process we put the new product for sale online and at a few of our distributors to see if our customers agreed. We were pleasantly surprised to see how many people had the same problem as I did and with no other easy-to-use inexpensive solution on the market, our PS3 backup drive took off!

You can now back up your entire PS3 using the Playstation backup utility to the DIGISTOR™ Hard Drive for PS3 and also play back video files – any standard or high definition Divx or MPEG files (with no copy protection and < 4GB).  Completely portable powering off of USB with no A/C adapters needed.

View photos and images using the PS3 Photo album rendering system, as well as listen to your audio files, complete with album art (files with no copy protection).

When we first released this product a few years back, it was just an idea our engineers thought would help a few people.  Now we have extended the models to include Xbox 360 and PS3 both at 500GB & 1TB models based on customer demand.  This is a very easy to use product that will give you an extra layer of security for all of your media files stored on your gaming device, and we learned something very important: We learned to build products we think are cool and solve a problem, regardless of how much perceived value is in such a solution. Do yourself a favor and make sure and take care to back-up all your media files or your entire PS3 OS before that hard drive crashes!

DIGISTOR™ 500GB Portable Hard Drive for Playstation3 (PS3) USB 3.0 / 2.0
Model: DIG-82522

DIGISTOR™ 1TB Portable Hard Drive for Playstation3 (PS3) USB 3.0 / 2.0
Model: DIG-82123

Is the Hard Drive Really Dead?

Yet another online backup company has launched this week, this one offering what they call “infinite cloud storage”.  Unlimited storage across multiple devices and operating systems for $10 month sounds pretty good and I might even give their service a try.  But what struck me as odd is the company’s proclamation that with the launch of their service “the hard drive is now dead”.  I understand this is just a marketing spiel; but if hard drives are dead then where are they storing my unlimited data?

Cloud backup simply means you are sending your data to a cluster of servers hosted offsite and accessed over the internet; and those servers use hard drives….lots of hard drives.  Of course the transition to flash, SSD and other new storage technologies is well under way; but to say the hard drive is dead is just not true.

Traditional hard drives certainly have their share of drawbacks, and we point these out often when talking about archiving and permanent data backup, but they are far from obsolete.

Via: Bitcasa Press Release

New Year’s Resolution – Backup and Archive your Photos

The holidays have come and gone and if you are like me that means plenty of new photos and home video from family gatherings, parties and travels. For most of us the end of the Holiday season also means it’s time for some New Year’s resolutions. Well, we are a few weeks into January now and I’ve already broken most of my resolutions, but one that you must not break is to finally back up and archive all of your photos, video and data.

We hear so many horror stories from people who have lost all of their photos, videos or other personal data because they were not properly backed up or archived.   There is no shortage of backup products available on the market today, so there is really no excuse to not have some sort of protection in place for your valuable data and files.

With so many available options to back up your data, choosing the right solution can be overwhelming.  The most important decision to make is simply to not procrastinate and do something!  Whether you decide to use an external hard drive, flash drive, online backup provider or RAID solution, it is imperative that you perform regular backups for continuous protection of your latest data.

For long-term storage of your photos, videos, music and other data files you will want a permanent archive.  This can easily be accomplished with easy to use products from DIGISTOR such as the Personal Archive Recorder and REWIND Archiving Software for PC and Mac.

Remember, you can always lose weight, eat better or learn a new language next year; but without a proper backup and archive you can easily lose your most precious photos, video or data forever.

Post CES 2013 Trends: Cut that Cord with Wi-Fi Cameras

If you’re a Pocket Camera user you may have noticed over the past few years you’ve used your digital camera less and your cell phone more. I know it’s true of myself. My iPhone camera is always with me, synced effortlessly with my PC, and backs up to iCloud. When I do use my Casio Exilim or Olympus pocket cameras I often times don’t sync these with my computer for days after the event.

We’ve seen a few WiFi pocket cameras hit the market, but CES 2013 shows that we are about to see a lot more, with nearly every manufacturer offering WiFi model cameras. You may be sucked back into using your digital pocket camera if it easily backed up to your PC or Mac over WiFi. Using a digital camera with WiFi and a good backup or archive program will make sure you can enjoy the original pics snapped and keep you using your pocket cam for more than large outings or events.

Some WiFi enabled Cameras (links to gdgt):

As these cameras continue to adopt new technology, you’ll see similarities between your digital pocket cam and your cell phone with apps. We are always looking for easier ways to take, sync, share, archive and enjoy our pictures.

Via: gdgt
Via: Cool Mom Tech

Use instaport.me and REWIND to Archive your Instagram Photos

No doubt you’ve heard about Instagram and how they are planning on using users’ data according to its new privacy policy. Instagram, the media, and the users are in a cyber-argument over this topic, but at the end of the day it is your personal choice where you’d like your data. Using Instagram as a photo sharing method is great, but hoping to also use it as an archive of your photos doesn’t work out so well.

Whether you decide to keep your account open or not, we at DIGISTOR thought we’d let you know there is a way to download all your Instagram files to your PC or Mac, then archive them to Blu-ray disc for safe keeping.

Using instaport.me you can download all your Instagram photos to your computer in a single .zip file. You can unzip this file in your photos folder so you can easily view them. Also using REWIND you are now able to select the photos you’d like archived to Blu-ray disc. It’s simple and secure!

Side note: instaport.me is being hammered right now, and may be very slow at responding. Give it some time to settle, and then export and archive away! instaport.me has opened up secondary servers for overflow and is able to give you your Instagram photos within a few minutes of request!

5 Reasons to Use Blu-ray for Permanent Backups


Cloud backup, external hard drive, USB drive, tape or optical drive; it’s easy to be confused with so many options for backing up your data and files.

There are pros and cons to every backup solution, but if you want to permanently back up your photos, video, music and other data then archiving to recordable Blu-ray is the clear choice. Here are 5 reasons why:

Cost – Blu-ray drive prices have come down significantly over the past few years, but more importantly the media prices are now as low as $.04 per GB. Not too bad for permanent data storage.

Longevity – High quality Blu-ray discs have a hard coat, scratch resistant material and can provide up to 50 years or longer archival life.

Security – Archiving to Blu-ray gives you a physical copy of your data that is not vulnerable to online data breach and can easily be stored in a safe or offsite location.

Capacity – Blu-ray discs are available in capacities of 25GB, 50GB, 100GB and 128GB, allowing the average user to permanently archive a lifetime of photos on just a handful of discs.

Ease of Use – Using REWIND Archiving Software you can easily archive or restore all of your photos, video, music and data in 3 simple steps.
