

How to secure your disk-based backups

Disk-based backups present different security risks than backup tapes. Protection methods can vary widely depending upon storage architecture.

We've all heard the adage that backup tapes need to be secure in case they are lost, stolen or fall off a truck, but what about disk-based backups? While disk backups are sometimes perceived as being more secure than their tape-based counterparts because they never leave the data center, they have potential issues of their own.

As a general rule, most organizations encrypt disks that store backups and some even invest in self-encrypting drives. But there is more to disk-based backup protection than storage encryption.

Security mechanisms to protect disk-based backups can vary widely depending on the storage architecture that is being used. There are two main points of potential vulnerability:

  • The interconnect between the backup client and backup server
  • The interconnect between the backup server and storage

In other words, you don't have to worry about someone stealing a disk out of your backup storage because the disk is encrypted and physical access to the storage is presumably controlled. What you do have to be concerned about is someone intercepting the data en route to the storage or gaining access to the storage array.

Protecting data on the fly

The first area in which security needs to be examined is the communication link between the resources that are being backed up and the backup server. Modern backup applications generally encrypt backup traffic, but there are additional steps you can take to further improve security for data in flight.


If your organization is heavily virtualized, for example, it is a good idea to create a dedicated virtual network that exists solely for the purpose of carrying backup traffic. Doing so improves security through isolation because backup traffic will never traverse the same virtual network segment as general user traffic.

It is also important to protect your backup server through the use of a firewall. By doing so, you can ensure that only specific devices (administrative stations and backup targets) communicate with the backup server.
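The two controls above (a dedicated backup segment and a firewall that admits only administrative stations and backup clients) can be audited from connection records. The following is an added example, not code from the original article: it checks constructed flow-log lines against an assumed allowlist policy and reports every connection to the backup server that the policy should not permit, including an allowlisted client that sits outside the isolated backup network.

```python
"""Audit flows to a backup server against an allowlist (added example)."""
import ipaddress

# Constructed policy; addresses and ports are assumptions for illustration.
BACKUP_SERVER = "10.50.0.10"
BACKUP_NET = ipaddress.ip_network("10.50.0.0/24")  # dedicated backup segment
POLICY = {
    # backup clients (the resources being backed up) -> backup data port
    9101: {"10.50.0.21", "10.50.0.22", "10.30.0.9"},
    # administrative stations -> management (SSH) port
    22: {"10.10.0.5"},
}

# Constructed flow-log lines in a simple "key=value" format.
SAMPLE_FLOWS = [
    "src=10.50.0.21 dst=10.50.0.10 dport=9101",  # backup client, permitted
    "src=10.10.0.5 dst=10.50.0.10 dport=22",     # admin station, permitted
    "src=10.20.0.77 dst=10.50.0.10 dport=22",    # user workstation reaching SSH
    "src=10.50.0.21 dst=10.50.0.10 dport=445",   # port the policy never opened
    "src=10.30.0.9 dst=10.50.0.10 dport=9101",   # allowlisted, but wrong segment
    "src=10.20.0.77 dst=10.20.0.1 dport=80",     # unrelated traffic, ignored
]


def parse_flow(line):
    """Parse one 'src=... dst=... dport=...' line into (src, dst, dport)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return fields["src"], fields["dst"], int(fields["dport"])


def audit(lines):
    """Return [(src, dport, reason)] for every flow that violates the policy."""
    findings = []
    for line in lines:
        src, dst, dport = parse_flow(line)
        if dst != BACKUP_SERVER:
            continue  # only traffic aimed at the backup server is in scope
        allowed = POLICY.get(dport)
        if allowed is None:
            findings.append((src, dport, "port not exposed by policy"))
        elif src not in allowed:
            findings.append((src, dport, "source not on allowlist"))
        elif dport == 9101 and ipaddress.ip_address(src) not in BACKUP_NET:
            # backup data must stay on the isolated segment (see text above)
            findings.append((src, dport, "allowlisted client is off the backup segment"))
    return findings


if __name__ == "__main__":
    for src, dport, reason in audit(SAMPLE_FLOWS):
        print(f"{src} -> {BACKUP_SERVER}:{dport}: {reason}")
```

The last finding points at a policy defect rather than a stray connection: a client that is allowed but not on the backup segment means backup traffic is crossing the general network.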

Storage connectivity can be a potential vulnerability, although the risks vary widely depending on the types of storage connectivity used. If, for example, the backup server uses network-attached storage or Fibre Channel over Ethernet, you might consider using an isolated Ethernet segment to connect the backup server to the backup target. You should also review the permissions that have been assigned to the storage target and ensure that only authorized accounts (such as service accounts) are allowed to read and write data.

It doesn't hurt to review the permissions that are in place on your backup server. Large IT shops are commonly divided into teams. There might be an Active Directory team, a mail server team and so on. Consequently, a recovery operation may involve more than just the backup admin. The goal behind a permissions review should be to make sure no one person has excessive data access permissions.

Storage architecture and security

If the backup server uses a storage-area network as a backup target, then the SAN's architectural design may present a security vulnerability. To see why this is the case, think about how an IP network is constructed.

An IP network is often divided into several different security domains. There is typically a demilitarized zone, a private network and perhaps a security domain used for back-end database servers. Each of these domains is logically isolated from one another.

The problem is that this isolation does not extend to the SAN: any or all of the security domains on your IP network could potentially tie into it. This may not initially be considered a risk if the SAN is based on Fibre Channel storage. However, if a hacker were to launch an attack against your IP network and take control of a server connected to the SAN, that compromised server could be used to launch an attack against the SAN. The most effective way to guard against this sort of attack is physical isolation of the backup storage. Ideally (at least from a security standpoint), the backup target should use a dedicated array and dedicated connectivity to the backup server.

Disk-based backups are not subject to the same types of security risks as tape-based backups. In the case of disk backups, it is often the storage architecture and the corresponding permissions that present a risk, as opposed to the media itself.
