Chandramouli, R.
and Pinhas, D.
(2020),
Security Guidelines for Storage Infrastructure, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-209
(Accessed April 23, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Security Guidelines for Storage Infrastructure
Published
Author(s)
, Doron Pinhas
Abstract
Storage technology, just like its computing and networking counterparts, has evolved from traditional storage service types, such as block, file, and object. Specifically, the evolution has taken two directions: one along the path of increasing storage media capacity (e.g., tape, HDD, solid-state drives (SSD)) and the other along the architectural front, starting from direct- attached storage (DAS) to the placement of storage resources in networks accessed through various interfaces and protocols to cloud-based storage resource access, which provides a software-based abstraction over all forms of background storage technologies. Accompanying the architectural evolution is the increase in management complexity, which subsequently increases the probability of configuration errors and associated security threats. This document provides an overview of the evolution of the storage technology landscape, current security threats, and the resultant risks. The main focus of this document is to provide a comprehensive set of security recommendations that will address the threats. The recommendations span not only security management areas that are common to an information technology (IT) infrastructure (e.g., physical security, authentication and authorization, change management, configuration control, and incident response and recovery) but also those specific to storage infrastructure (e.g., data protection, isolation, restoration assurance, and encryption).Citation
Special Publication (NIST SP) - 800-209
Report Number
800-209
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
storage area network, network attached storage, storage array, file storage service, block storage service, object storage service, storage virtualization, software-defined storage, hyper-converged storage, data protection, cloud storage, backup, replication.
Citation
Created October 25, 2020, Updated October 27, 2020