Storage networks are predominantly used by organisations to centrally manage their data, reduce hardware costs (cost of server hardware, software, installation and maintenance) and downtime (when adding extra storage), effectively manage storage resources, and overcome the computing power and storage scalability issues that affect the 'independent storage for each system' approach. These networks are regularly used to store critical information, the compromise of which could affect the organisation's competitive edge, cash-flow, profitability, legal and regulatory compliance, and corporate image.

Storage Area Networks (SANs) and Network Attached Storage (NAS) are the two types of storage networks primarily used. The two differ in various aspects; however, both technologies were built with functionality in mind and not security, and are riddled with vulnerabilities that adversely affect the confidentiality, availability and integrity of the information stored within these networks. Serious vulnerabilities exist within these technologies that could allow unauthorised (and in various cases unauthenticated) access to stored information. The support for IP-based connections, iSCSI in SANs and IP connections in NAS, increases accessibility but also enlarges the attack surface.

Additionally, organisations often contract third-party service providers to deploy and maintain the storage infrastructure. In many cases, the management of user permissions on the data is also outsourced to the service provider. This adds to the number of personnel who could access the organisation's data and the locations from which the data can be accessed (if management is outsourced, the storage infrastructure and data could be accessible from all locations where the support staff is based).

Storage vendors have recently started realising the need for security and are now bundling features with network storage devices that help secure SAN and NAS environments; however, these features are not configured as factory defaults, and the lack of secure storage configuration policies, standards and guidelines at the organisation/service provider level introduces considerable weaknesses in the storage network environment.

The security of storage is paramount due to the criticality of the information stored, the abundance of security weaknesses in the technology, and the ever-growing compliance and regulatory requirements. The process of securing storage environments should start with strict organisational policies targeted towards storage networks. Secure configuration standards and guidelines should then be developed and enforced in line with vendor and industry best practices.