Expert GuideWhy backing up NAS systems makes us more cyber resilient: How to protect against attacks with a zero trust approach

Markus Stumpf — 10. December 2024
Reading time: 1:46 Minutes

8 Gründe für stärkere Cyber Resilience: Wie Sie NAS-Systeme vor Angriffen schützen

Modern NAS systems protect the data they store from modification and deletion, but are no substitute for a data backup. Find out about how to improve the security these systems and data, and how a clever zero trust approach can help.

Modern network-attached storage systems (NAS) are the standard for unstructured data which, due to its characteristics, such as its format and size, does not fit into data tables. Moreover data is often distributed, whether as project drives, home shares or as a target for log and telemetry data.

Benefits of NAS

NAS systems typically benefit from the fact that they can be dynamically expanded as scale-out systems and implement many of the functionalities of enterprise storage systems thanks to the underlying operating system.

These include the following 8 aspects:

  • Snapshots at short intervals (e.g. every 10 minutes)
  • Replication
  • Mirroring
  • Tiering
  • Immutability
  • Versioning
  • Vaulting
  • Corruption Detection 

The potential of NAS - and its weak points

The above-mentioned functionalities of NAS systems give the impression of making backups obsolete. From the point of view of backup architecture, these features tend to make backups less important, but they can by no means be replaced by NAS technologies.

Backups used to serve primarily as protection against data loss, corruption or user errors. Today, NAS systems can virtually rule out the threat of data loss due to hardware failure thanks to the redundancy they provide (multiple nodes with multiple copies on distributed hard drives).

Data corruption, e.g. due to defective software or unauthorised user manipulation, is much more difficult to prevent, as replication, mirroring and vaulting technologies do not verify content at storage level, which means that corruption would be duplicated at all levels.

User errors have a similar effect: the NAS system cannot check whether a folder was deleted or moved intentionally or unintentionally. The same applies when changing metadata.

In addition, the retention of snapshots and their immutability is an issue that can be solved more efficiently by the interaction of the NAS and backup system.

How to maximise (data) security from NAS

Having a 3-tier model consisting of closely meshed, local snapshots (tier 1), periodic snapshots on a mirrored cluster in another data centre (tier 2) and an external data backup to the backup system (tier 3) ensures the best availability, cost efficiency and maximum security. Only a backup on to an external system represents a genuine media break by creating an independent copy of the data. In this context, independent means in particular that the data is copied in its original form and written to a remote medium using other technologies for compression, deduplication and replication.

Skipping this step is risky in so far as you are trusting a vendor (manufacturer of the NAS system) and an administrator (NAS admin) exclusively. In this case, a software bug, a successful attack on the firmware or a compromise of an admin account can destroy both the production data and all existing data backups.

This makes an attack on the NAS system an absolutely worthwhile target, as it is possible to cause major irreversible damage in a single attack.

You achieve more with a superior zero trust approach

The advantages of a zero trust approach include organisational considerations in terms of roles and authorisations for the administration of NAS systems.

The way it mostly happens in reality: 

  • All responsibility for primary and ‘backup’ data resides with the NAS admin.
  • In addition, the NAS snapshots are not independent data copies, so they are not actually backups.

Instead, the following procedure applies with a zero trust approach:

  • The NAS administration is performed by the File Services team, with high-level rights on the data in the NAS system and no rights in the administration of the NAS system (snapshot/mirroring and other settings).
  • The NAS administration is carried out by a separate File Storage team, which has no rights to the File Services.
  • The backups are administered by the backup team, which in turn has no authorisations for the entire NAS infrastructure.

This means that three parties would have to be successfully attacked in order to irreversibly delete data.

Conclusion: no ‘either-or’

Cyber resilience is significantly increased by utilising the strengths of the NAS system and coordinating the backup with it.

You were interested in this, then you may also be interested in...