Object storage as an instrument of IT security

Ransomware attacks are growing exponentially and becoming more sophisticated. At the same time, such security breaches are becoming increasingly expensive for the companies affected. Object storage is a powerful tool for ransomware protection and data recovery in business-critical use cases.


The growth of ransomware attacks is exponential: by the year 2031, it is predicted that there will be a ransomware attack somewhere in the world roughly every two seconds. The hackers’ approach is becoming more and more sophisticated, and new attack vectors are constantly being developed. At the same time, the costs of such data breaches are increasing. They are currently estimated at an average of 4.14 million euros. In view of these numbers, ransomware attacks are inevitable in the long term.

With the proliferation of unstructured data, object storage has become a cornerstone of modern IT environments. In concrete terms, unstructured data is data that does not follow conventional data models and is difficult to store and manage in a classic, relational database – for example images, videos, websites or streaming data.

Due to the huge amounts of data involved, cloud solutions have become more and more interesting. However, public offerings should be viewed with caution here: companies do not have complete control over their infrastructure, the performance provided can be insufficient, security instrument often has weak points and the economic advantages (especially flexibility and scalability) decrease as soon as the companies and their data volumes are growing. Called Cloud Object Storage, the solution combines the benefits of a public cloud with the security, performance, and control of an on-premise private cloud solution.

Modern object storage is a powerful tool for ransomware protection and data recovery in mission-critical use cases. In the following, we therefore explain how you can optimize your object storage in order to increase security in the company.


Ways to optimize object storage as a powerful layer of protection

Authentication/Access Control:
Company data is protected here by controlling who can access it. Best practices first set up an account for each user and assign him/her an access key and a secret key. The keys are used for secure authentication with every S3 API interaction, e.g. when creating or reading an object. In addition, object storage solutions should be able to allow or deny access to certain data.

Data Encryption:
Encryption technologies can render data worthless to criminals. In the first step, data and requests entering the system can be encrypted using an SSL security certificate. In the second step, the incoming data is stored in encrypted form. A Key Management Server (KMS) is recommended to keep the encryption keys safe and separate from the encrypted data.

Attacks become ineffective because company data cannot be manipulated. Modification in place is therefore not possible – object storage only offers the possibility of creating, reading or deleting data. Most object storage solutions therefore offer the possibility of versioning object data. This saves a previous version, which allows objects to be restored. As an enhancement, some modern object storage systems offer something called an object lock, which assigns each data item a fixed retention period during which it cannot be modified, updated, or deleted.

Source: Security Insider