Continuity’s First Industry Research Shows Enterprise Storage Security Lags Significantly Against Computer and Network Security

Scanning over 400 enterprise storage devices detected 6,300 discrete security issues; On average, scanned devices had 15 security vulnerabilities

Organizations must act immediately to better protect their storage, as well as their backup systems, to ensure their data is protected against ransomware and other cyber attacks.

– Gil Hecht

NEW YORK, NEW YORK, USA, October 13, 2021 / – Continuity â„¢, a leading provider of cyber resiliency solutions, today released the State of Security Report storage. The first research to examine storage system security, this new report provides an analysis of vulnerabilities and misconfigurations in enterprise storage systems. The results revealed that storage systems have a significantly weaker security posture than the other two layers of IT infrastructure: compute or network.

These results are alarming given that, unlike an attack on endpoints or individual servers, which can cause problems, an attack that targets storage systems can be truly devastating. Compromising a single storage array can bring down thousands of servers and wipe out petabytes of data, a frightening prospect given the increase in ransomware attacks over the past three years that target corporate data.

For the Storage Security Status Report, Continuity’s automated risk detection engines analyzed data from over 400 enterprise storage devices from vendors such as Brocade, Cisco, Dell EMC, IBM, Hitachi Data Systems, NetApp, and others.

The main research findings include:
● Over 6,300 discrete security issues, such as vulnerabilities and configuration errors, have been detected;
● More than 170 safety principles were not correctly followed;
● On average, enterprise storage devices had 15 security vulnerabilities. About three of these were considered high or critical risk, meaning they could present a significant trade-off if exploited.
● The five most common types of vulnerabilities are: use of vulnerable protocols / protocol settings, unresolved common vulnerabilities and exposures (CVEs), access rights issues (overexposure), management and authentication insecure users and insufficient logging.

“Of the three main categories of IT infrastructure – compute, network and storage – the latter
often holds the greatest value, both from a security and business perspective, ”said Gil Hecht, Founder and CEO of Continuity. “Security vulnerabilities and misconfigurations of storage devices pose a significant threat, especially as ransomware attacks have gripped businesses in recent years. Yet based on our analysis, the security posture of most enterprise storage systems is surprisingly weak. Businesses need to act now to better protect their storage, as well as their backup systems, to keep their data safe from ransomware and other cyber attacks.

To help organizations get the visibility they need to understand their storage vulnerability risk and avoid blind spots, Continuity recommends that they assess existing security processes and ensure that the storage layer is secure and reinforced at a level similar or even higher than that of the compute and the network. assets.

Continuity’s StorageGuard is the only solution that searches for thousands of misconfigurations and possible storage system vulnerabilities that pose a threat to enterprise data security.

Continuity has compiled anonymous contributions from over 20 customer environments across North America and the EMEA region, spanning banking and financial services, transportation, healthcare, telecommunications, and other industry sectors. A total of 423 enterprise storage devices were scanned from vendors such as Brocade, Cisco, Dell EMC, IBM, Hitachi Data Systems, NetApp, and others. The analysis focused on the configuration of block, object and IP storage systems, SAN / NAS, storage management servers, storage devices, virtual SAN, storage network switches, data protection devices, data protection systems. storage virtualization and other storage devices. Continuity’s automated risk detection engines verified the thousands of possible storage system-level misconfigurations and vulnerabilities that posed a security threat, which were marked with a security rating (1-5) and tracked. to allow for detailed downward assessment, aggregation and exercise.

Additional Resources:
● Read the NIST Guide for Storage Security – co-authored by Continuity.
● Download the Storage Security Handbook for an overview of the evolving storage technology landscape and a set of practical recommendations for avoiding emerging threats.
● Visit our blog for storage security information and advice from business leaders and experts.

About continuity
With the increase in cybersecurity threats, Continuity is the only solution provider helping businesses protect their data by securing their storage systems, both on-premises and in the cloud. Continuity’s StorageGuard complements existing data protection and vulnerability management solutions, adding a layer of security that prevents attackers from entering storage and backup systems, which can help take control of virtually any critical business data.

Continuity’s clients include the world’s largest financial services firms and Fortune 500 companies, including six of the 10 largest US banks. For more information, please visit

Sarah hawley
Mockingbird Communications for Continuity
+ +1 4802924640
write us here

Comments are closed.