The release of ISO/IEC 27040:2024 – Storage Security marks a pivotal moment for enterprises that care about cyber resilience and recoverability. It is the first truly comprehensive, globally recognized standard dedicated specifically to securing storage and backup systems – and its timing couldn’t be more critical.

Storage and Backup: The Last Line of Defense – and a Prime Target

Attackers are exploiting the fact that storage and backup environments are often less monitored, less hardened, and poorly integrated into vulnerability management programs. In many organizations, storage & backup systems still operate with legacy protocols, excessive privileges, weak authentication, and minimal logging – conditions that attackers actively seek out.

The consequences are severe: data theft, data destruction, operational disruption, regulatory exposure, and long-term reputational damage.

What Makes ISO/IEC 27040 Different – and Important

ISO/IEC 27040:2024 is not a minor update. It is a major overhaul of the outdated 2015 edition, designed to reflect modern storage architectures, threat models, and regulatory expectations.

Key characteristics include:

• 220 storage security guidelines, with 188 defined controls that establish a baseline for secure storage operations
• A clear distinction between guidance and mandatory requirements, particularly around encryption, logging, access control, protocol hardening, and secure sanitization
• Deep alignment with the broader ISO/IEC 27000 family, including ISO 27001 and ISO 27002, ensuring storage security is integrated into existing governance frameworks rather than treated as a side project

Most importantly, ISO 27040 acknowledges that storage security drifts over time. Configuration changes, firmware upgrades, evolving vendor guidance, and newly discovered vulnerabilities all erode security posture unless continuously validated.

From Policy to Practice: What ISO 27040 Actually Requires

Unlike high-level security frameworks, ISO 27040 goes deep into the technical realities of storage & backup environments. It covers:

• Strong authentication and access control, including multi-factor authentication and separation of duties
• Encryption requirements for data at rest and in motion, with minimum cryptographic strength
• Protocol hardening, including secure configurations for NFS, SMB, iSCSI, Fibre Channel, NVMe, and object storage
• Comprehensive logging and monitoring, with protected log retention
• Immutability, snapshots, replication, and cyber-recovery backups, recognizing storage as the backbone of resilience
• Vendor access restrictions and secure remote management

These controls map directly to real-world attack techniques observed in recent storage and backup breaches & ransomware incidents.

How StorageGuard helps you comply with ISO/IEC 27040

Required by ISO, Provided by StorageGuard

StorageGuard is the only Security Posture Management solution purpose-built for enterprise storage and backup systems.

• Ensure adequate storage & backup protection expertise
• Ensure adequate storage & backup security expertise
• Perform storage & backup system hardening
• Apply vendor-recommend security configurations for all storage & backup systems
• Include storage & backup in vulnerability management programs

ISO 27040 Is a Baseline – Not the Finish Line

One of the most important messages in ISO 27040 is that documentation alone is not enough. The standard repeatedly emphasizes validation, testing, and continuous assessment.

This is especially critical for storage and backup environments, where traditional vulnerability scanners often lack deep coverage, misconfigurations can persist unnoticed for years, and security posture can change overnight due to upgrades or operational changes.

Organizations that treat ISO 27040 as a one-time compliance exercise will miss its real value. Those that operationalize it by continuously assessing, hardening, and monitoring storage & backup security will significantly improve their cyber resilience.

Final Thoughts

Storage and backup systems are no longer passive infrastructure components. They are strategic security assets – and, if neglected, strategic liabilities.

ISO/IEC 27040:2024 provides a long-overdue, authoritative blueprint for protecting the systems that ultimately determine whether an organization can recover from a cyberattack.

If your storage & backup systems are not secure, your security program is not complete.

Tech controls required by ISO, audited (and potentially enforced) by StorageGuard

Frequently Asked Questions (FAQs)

Why is ISO/IEC 27040 important for cybersecurity?

ISO/IEC 27040 is important because storage and backup systems are increasingly targeted by ransomware and data-destructive attacks. The standard addresses long-standing security gaps by defining controls for encryption, access management, logging, protocol hardening, and data immutability—areas often overlooked by traditional security programs.

How does ISO/IEC 27040 relate to ISO 27001 and ISO 27002?

ISO/IEC 27040 complements ISO 27001 and ISO 27002 by providing storage-specific security guidance that those standards do not cover in detail. While ISO 27001 defines information security management requirements and ISO 27002 lists general controls, ISO 27040 explains how to apply security controls specifically to storage, backup, and data protection technologies.

What are the main security controls required by ISO/IEC 27040?

ISO/IEC 27040 defines controls across encryption, authentication, access control, logging, monitoring, protocol security, vendor access management, and secure data sanitization of storage and backup systems. Many requirements focus on eliminating insecure legacy protocols, enforcing minimum cryptographic strength, and continuously validating storage and backup security configurations.

How does ISO/IEC 27040 impact audits and compliance?

ISO/IEC 27040 is increasingly used by auditors to assess whether organizations adequately protect storage and backup systems. While not a certification standard itself, it provides detailed criteria that auditors may use to evaluate compliance with ISO 27001, regulatory requirements, and cyber resilience expectations.

The post What Security Leaders Need to Know About ISO27040 – Storage & Backup Security appeared first on Continuity™.

1. Industry Trends

What do you see as the single biggest disruptor in enterprise storage & backup today?

For David Brown, Storage Architect at State of Michigan, the biggest disruptor is unambiguous:

“If you’d asked me this question 20 years ago, I would have said virtualization.
Today, the elephant in the room is artificial intelligence.”

David contrasted the early days of SAN:

“One of the first SANs I ever put in was a whopping 5.5 terabytes. We thought, we’ll never outgrow this. Virtualization came along and we were doubling and tripling capacity almost every year.”

Now, AI and machine learning are driving a similar – but even more intense – disruption:

• New workloads (e.g., autonomous vehicles) are discussing yottabytes in capacity planning.
• AI requires instant performance, low latency, and massive parallelism.
• Storage becomes a core dependency for AI’s success, not just a downstream consumer.

2. Security

How are storage systems adapting to the rise in ransomware attacks?

Julian Topley, Senior Delivery Manager – Storage & Backup at Lloyds Banking Group, framed the shift starkly:

“We’ve invested for years in perimeter security. But the real vulnerability is the destination – the data. That’s where ransomware now goes, and increasingly backups as well.”

Julian outlined two guiding principles:

1. Protection must be layered

“Snapshots and replication are the frontline for fast recovery. Backup and vaulting are the last bastion for recovery and forensics.”

2. Storage must get “cyber-smart”

“Storage has to offer immutability, anomaly detection, and clean recovery points.
Storage needs to be smart.”

Are immutability and air-gapped backups becoming table stakes?

David Brown’s answer was unequivocal:

“Both immutable backups and air-gapped backups have become table stakes for a true cyber-resilient strategy. They used to be advanced features. Today they’re mandatory requirements.”

He explained why traditional backup rules are no longer enough:

“The old 3-2-1 rule – three copies, two media, one offsite – isn’t enough. Attackers can still corrupt those locations.”

His team is moving toward an enhanced rule:

“We’re looking at a 3-2-1-1-0 rule: three copies of data, two different media types, one copy stored offline, one copy immutable or vaulted, and zero errors after verification when you restore.”

On cloud and air gapping:

“In my opinion, cloud-written backups do not constitute an air gap.
There’s still access to the cloud, and as we’ve seen, the cloud is not a guaranteed safe harbor.”

What challenges do you foresee with evolving data sovereignty laws?

Naresh Kattel, VP Storage Management from AllianceBernstein pointed out that global enterprises face a patchwork of regulations:

“Every large enterprise operates in different markets, and every market has a regulator.
These regulators are unleashed on you to make sure you understand the rules.”

He outlined three practical needs: know your inventory, understand regulatory impact, and partner with legal & compliance.

Should InfoSec teams build deeper storage-security expertise?

Kevin Battle strongly believes in deeper cross-team understanding:

“Absolutely. Right now everything is segmented – separate security teams, separate backup teams, separate storage teams. But with new AI-aware software, everyone has to coordinate and be aware.”

He highlighted the role of storage-security tooling:

“That’s what I appreciate about solutions like StorageGuard, which I’ve used for three years. It gets inside the perimeter to scan storage and SAN. Those are areas other tools just don’t touch.”

Julian Topley agreed on shared responsibility – but warned against blurring it:

“The security and storage teams must share the problem, but the key is not to blur responsibility.”

He framed it in the following way:

• Security team: owns threat, policy, escalation
• Storage & backup team: own configuration, change, fabrics, protocols

Julian explains how 3^rd party solutions can help:

“Tools like StorageGuard really help here – they continuously discover storage and backup systems and add that contextual security layer, mapping configurations and firmware against live vulnerabilities and good practice.”

3. Technology & Innovation

How is AI changing storage management – is it hype or reality?

David Brown was clear:

“It’s definitely reality. We’re using AI for IT operations – supporting customer support, security, backup and recovery. For storage, it turns systems into active participants in maintaining uptime and data security.”

Examples he gave included:

• Predictive maintenance

“Models continuously analyze logs, sensor readings, and performance to predict failures before they impact production.”

• Intelligent tiering & triage

“We used to write scripts to move data between tiers based on age and activity.
AI can now constantly analyze data and predict when it might be needed, staging it preemptively.”

Click here to read the full report: ‘The Storage Leaders Guide’, and watch the on-demand Virtual Panel, click here.

The post Lessons from Enterprise Storage Leaders – 2026 Trends, Threats & Transformations appeared first on Continuity™.

Threat actors no longer rely on slow, manual reconnaissance. With AI, they can instantly map environments, detect misconfigurations, craft targeted exploits, and orchestrate attacks at a scale and velocity that traditional defenses simply weren’t designed to withstand.

Because of this shift, organizations can no longer depend on periodic assessments or occasional audits. The pace of AI-driven threats demands continuous security posture management. Weaknesses must be identified faster, prioritized intelligently, and remediated sooner.

Put simply: you need to find more issues – and you need to fix them faster.

Data Infrastructure: A High-Value Target

At the heart of every organization lies its data infrastructure: storage and backup platforms that house critical workloads, sensitive information, and the core of cyber-recovery operations.

These systems have always been attractive targets – but AI has dramatically raised the stakes. With access to powerful automated analysis tools, attackers can probe storage and backup environments, pinpoint subtle misconfigurations, and exploit vulnerabilities that once took days or weeks to uncover.

A compromised storage or backup environment can bring an entire organization to its knees.

StorageGuard was built to stop this from happening. It continuously ensures that storage and backup systems are:

• Hardened according to security best practices
• Compliant with industry and vendor guidelines
• Free from known vulnerabilities
• Aligned with the organization’s secure configuration baseline

This continuous posture management – combined with deep domain expertise in storage and backup – helps organizations get ahead of rapidly evolving threats.

Two Critical Capabilities for Combatting AI-Driven Attacks

To help customers keep pace with the sophistication and velocity of modern threats, we are expanding StorageGuard with two major capabilities:

1. Automatic Remediation

StorageGuard’s Fix It capability allows teams to initiate remediation directly from detected findings. When combined with our REST API, ITSM workflows, and AI integrations, organizations can enable fully automated remediation—ensuring misconfigurations are corrected continuously and consistently.

The result:

• A dramatically reduced exposure window
• Fewer manual processes
• Scalable security and operations without increasing headcount

2. AI Integration for Natural-Language Security Operations

By connecting your AI environment to the StorageGuard MCP Server*, teams can inspect and harden configurations, investigate and resolve weaknesses, and validate compliance—all through natural language.

Imagine prompting your AI assistant to:

• “Remediate incorrect ACL settings on my backup appliances.”
• “Check whether my backup system is vulnerable to CVE-2025-57788 and create a mitigation plan.”

This removes the learning curve for complex infrastructure, accelerates investigations, and simplifies audit and compliance workflows.

The Bottom Line

AI is accelerating both sides of cybersecurity. Attackers are moving faster – and defenders must, too.

Continuous posture management, automated remediation, and natural-language-driven security operations are no longer optional. They’re becoming essential.

StorageGuard ensures that your most critical data systems remain secure, compliant, and resilient – even as threats evolve at machine speed.

*The StorageGuard MCP Server is included in the Enterprise + AI edition of StorageGuard and is currently available under limited release.

The post AI Has Changed the Rules of Cyber Defense. Here’s How to Respond appeared first on Continuity™.

Since January 2025, the ransomware group has affected 591 organizations across 58 countries. Most victims were in the US, Canada, and UK – with financial services, healthcare, and manufacturing among the hardest hit.

According to the research, any environment using centralized backup solutions or hybrid Windows/Linux infrastructures is at risk.

Industry Report Reveals Widespread Risk 

While this may sound like a shocking statistic, this doesn’t come as a surprise. In Continuity’s annual primary research, The 2025 Security Maturity of Storage & Data Protection Systems, which assessed 323 enterprise environments encompassing 11,435 backup and storage systems, the findings were alarming:

Key Findings: 

• 6,085 distinct security issues uncovered – spanning over 390 failed security principles 
• On average, each backup and storage system contained 10 security risks, 5 of which were classified as high or critical 
• The most common risk areas included:
  • Authentication & identity management 
  • Access control & authorization gaps 
  • Unaddressed CVEs 
  • Improper use of ransomware protection features 
  • Encryption misconfigurations

This data reinforces the growing reality that most backup and storage environments remain significantly under-secured – despite mounting threats. 

The Trend: Targeting Backup as a Primary Attack Vector 

Attackers are zeroing in on backup systems as prime targets. Why? Because these systems are the last line of defense – and compromising them disables recovery, facilitates ransomware extortion, and opens pathways to broader lateral movement. 

One high-profile example: the largest data breach in history at UnitedHealth, where attackers successfully disabled their backup environment, preventing data recovery and causing months-long operational disruption. 

Why Backup Systems Are High-Value Targets 

Backup systems are foundational to enterprise data resilience. By compromising them, attackers can: 

• Neutralize recovery capabilities (especially in ransomware attacks) 
• Exfiltrate sensitive data 
• Destroy or corrupt primary data or backup data copies 
• Use these platforms as stealthy pivot points to compromise broader IT environments 

Despite their criticality, these systems are often under-secured. Many security teams lack visibility, tooling, or expertise to adequately defend them. 

Conclusion: The Back-End is Now The Front-Line 

The recent wave of attacks is a stark reminder: backup systems are not just infrastructure – they’re high-value assets under direct attack. It’s time they receive the same security scrutiny and operational rigor as front-line systems.

Tools like StorageGuard are critical in bridging this gap and defending one of the most vulnerable layers of the modern enterprise. 

StorageGuard is the only Security Posture Management solution purpose-built for enterprise backup, storage, and data protection systems.

It scans, detects, and prioritizes vulnerabilities, security misconfigurations, and compliance gaps across multi-vendor backup and storage systems, enabling organizations to proactively secure their critical data infrastructure.

By bridging the security visibility gap in backup and storage layers, StorageGuard empowers IT and security teams to identify and remediate risks before they impact data availability, integrity, or confidentiality – strengthening an often-overlooked but vital part of the enterprise attack surface.

The post The Escalating War on Enterprise Backups — and How to Fight Back appeared first on Continuity™.

That’s where configuration baselines come in.

Why Configuration Baselines Matter

A configuration baseline defines the expected settings and controls that every system should follow. Much like a checklist for secure and reliable operations, baselines ensure that all systems are configured according to best practices and organizational requirements.

When properly implemented, configuration baselines:

• Help maintain hardened, healthy, and resilient systems
• Enable compliance with internal and external standards
• Simplify audit preparation and risk management
• Provide a foundation for continuous security improvement

For example, a simple but crucial baseline requirement is to configure Network Time Protocol (NTP) for accurate time synchronization across systems – essential for logging, auditing, and correlation.

The Anatomy of a Baseline Requirement

Each baseline requirement should be clearly documented and traceable. A well-structured baseline entry typically includes:

• Summary – A short description of the control (e.g., “Disable Telnet access”)
• Rationale – Why this control is needed and what risk it mitigates
• Product-specific details – Relevant models, versions, and implementation notes
• Lifecycle data – Creation, review, and update dates
• References – Vendor or regulatory sources

This approach allows teams to build, verify, and maintain baselines in a repeatable and scalable way.

The Tiered Baseline Approach: Gradual, Measurable Improvement

Not all systems are equally sensitive — and not every organization can jump straight to “perfect” hardening. That’s why tiered, progressive baselines provide a practical path for continuous improvement.

Each tier represents a progressive level of configuration maturity:

Level 1: Essentials

Focus on foundational controls like:

• Disabling Telnet and insecure protocols
• Enforcing password policies
• Enabling multifactor authentication
• Setting role-based access controls (RBAC)
• Denying default Fibre Channel zones

Level 2: Enhanced

Build on essentials by adding:

• IP Access Control Lists (ACLs)
• Remote support and email alert configurations
• NTP and system time settings
• Encrypted data-at-rest where applicable

Level 3: Advanced

Strengthen your security posture with:

• Valid certificate enforcement
• Secure SNMPv3 configurations
• Syslog integration and strong cipher suites
• Dual authorization for destructive operations
• Encryption for backup traffic

Level 4: Robust

Push towards resilience with:

• No root login
• Internal firewall enforcement
• SMB signing and NFSv4 + Kerberos
• Anomaly detection and authorized server lists
• Segregated management and data networks

Level 5: Fortified

Achieve full hardening and audit readiness with:

• External key management
• FIPS mode enforcement
• Secure syslog and time synchronization
• Smart card (PIV/CAC) authentication
• Cloud/SaaS connection restrictions

This tiered methodology allows enterprises to customize their journey – defining their starting point and target maturity by system criticality and sensitivity.

Common Enemies of Configuration Baselines

Despite best intentions, many organizations struggle to maintain consistent baselines due to:

• Heterogeneous environments spanning multiple vendors and products
• Frequent provisioning/decommissioning cycles
• Mergers & acquisitions, introducing configuration drift
• Manual verification processes that can’t scale
• API/CLI changes introduced by vendors
• Outdated baselines not reflecting new threats or compliance updates

To combat these, periodic reviews and automation are non-negotiable.

Keeping Baselines Current: Continuous Verification

A baseline is only as strong as its maintenance process. Organizations must routinely assess whether:

• New features or CLI/API changes affect baseline implementation
• Updated vendor best practices or security advisories exist
• New audit or compliance requirements have emerged
• Internal policies have evolved

This requires continuous research, verification and configuration drift detection, ideally through automated tools.

How StorageGuard Helps

StorageGuard simplifies baseline management for enterprise storage and backup systems by providing:

• A built-in risk library of best practice configuration checks
• Automated scans (scheduled or on-demand) for drift detection
• Secure configuration and hardening guidelines mapped to NIST, CIS, ISO, PCI DSS, HIPAA, and STIG standards, etc.
• Integration with ITSM, SIEM, and dashboarding tools
• Single control plane for heterogeneous storage and backup environments (Dell, NetApp, Hitachi Vantara, HPE, Pure, IBM, Rubrik, Commvault, Cohesity, Veeam, Veritas, etc.)

With StorageGuard, teams can configure, verify, and enforce baselines across all storage and backup assets — reducing the attack surface and strengthening overall cyber resilience.

Key Takeaways

• Use tiered baselines for a practical, progressive hardening approach
• Keep your baselines current and aligned with cyber threats, vendor and compliance guidelines
• Automate detection and remediation of deviations
• Embrace continuous verification to maintain confidence in your security posture

Automation is key – because in complex enterprise storage and backup environments, manual compliance is no longer sustainable.

Ready to start building your baseline?
Learn more about how StorageGuard can help you strengthen your storage and backup environments.

The post Five Levels of Configuration Baselines: A Roadmap to Hardening Your Storage & Backup Systems appeared first on Continuity™.

Hardening From the Get-Go

A hardened environment doesn’t happen automatically. You’ve got to start with a solid hardening guide for each of the vaulted platforms and implement hundreds of configurations, such as:

• Keep backup systems off the domain
• Require multi-factor authentication (MFA)
• Enforce dual control for sensitive actions
• Apply access control lists (ACLs) and least privilege
• Use dedicated user accounts for backup software and targets
• Practice good secret management and session limits
• Configure secure snapshots or immutable backup copies
• Secure time synchronization
• And many other hardening configurations

It’s all about layering controls so no single mistake becomes a breach.

It Can Be Configured – It Just Isn’t

Facts check – Manufacturers of vaulted storage & backup solutions almost always:

• Publish hardening guides.
• Expect customers to review, decide on, and implement dozens of additional settings per system—on top of standard configuration.
• Place responsibility on the customer to configure the solution in accordance with the hardening guide.
• Place responsibility on the customer to harden any integrated components inside the vault (e.g.,networking, backup, recovery, storage) according to security standards and best practices.
• There are valid reasons for this—some security settings can affect operational efficiency or performance and add cost in dollars, time, and effort—and organizations differ in how much of that trade-off they’ll accept.

I call this the “can be configured” syndrome—where vendors bury what’s possible across multiple documents and expect customers to find, interpret, and implement it themselves.

Vaults Often Cover A Subset – What About The Rest?

Let’s face it: not every system gets a vaulted backup. In fact, most companies only vault a small subset of their most critical systems. That’s usually because vaulting comes with real costs and complexity.

So what about everything else? The storage and backup systems that don’t live inside a vault still matter, and they can still be compromised if not properly hardened. That’s why it’s important to apply the same level of rigor across your broader storage and backup environment, not just selected few.

Preventing Configuration Drift and Ensuring Continuous Compliance

Even if you get the setup right, things drift. Systems change, patches get missed, new configurations sneak in and suddenly, the environment you hardened six months ago doesn’t look so tight anymore.

To stay ahead, you need to:

• Watch for configuration drift
• Audit your security controls regularly
• Find and prioritize security misconfigurations and vulnerabilities before attackers do

Continuous visibility and validation are the only ways to make sure your system hardening actually holds up over time.

The Unvaulted Need Strong Cyber Hygiene

Here’s where things get interesting. For systems without vaulted backups, strong security hygiene is everything. That means hardened configuration baselines, strict privileges, immutable backups, and dual authorization for any restore or delete actions, ACLs, IP filters, tight identify management, disabling unneeded services and many other hardening elements.

You might not have the same physical or network separation as a full cyber vault, but you can still create logical and procedural separation that delivers real protection.

StorageGuard: Hardening Made Simple

This is where StorageGuard helps. Our solution delivers automated hardening and continuous posture management for all enterprise storage and backup environments – both vaulted and non-vaulted.

• Quick deployment – software-only, agentless
• Simple setup – start identifying hardening opportunities immediately
• Actionable insights – instantly pinpoint security misconfigurations, vulnerabilities and compliance issues – along with remediation guidance
• Ongoing assurance – continuously monitor for config drift and enforce controls

With StorageGuard, enterprises can strengthen their cyber vaults and broader backup ecosystem quickly, efficiently, and at scale.

The post How to Keep Your Cyber Vault and Backup Systems Hardened – From Day One and Beyond appeared first on Continuity™.

In 2024, one of the world’s largest insurance firms suffered a data breach, which led to a rethink of their security strategy. With mounting pressure to ensure that critical infrastructure remained secure and compliant, the insurance firm needed a solution that could validate the configuration controls of these systems (including Dell Technologies, NetApp, and Brocade), and bridge the security visibility gap in their storage and data protection environment.

Laying the Groundwork: Dell Technologies and Continuity in Sync

The firm’s IT Infrastructure department was actively managing the configuration for their servers, but not for their storage & data protection systems.

While they had several processes for checking the configuration of their storage and data protection systems, they had no automated baselining mechanism in place, and no ability to scan the security configuration of these mission-critical systems.

The infrastructure team was concerned about the lack of a security baseline, and aligning their configurations to CIS Benchmarks.

Working with one of Dell’s Extended Technologies Complete (ETC) partners, Continuity – Dell offered StorageGuard, a solution that could help the insurance firm gain complete visibility into the security posture of their storage and data protection systems. This includes:

• Detecting when industry and vendor security configuration best practices are not implemented
• Validating adherence to various regulatory guidelines and industry standards, including CIS Benchmarks
• Continuous hardening of all storage and data protection systems

In September 2024, Dell and Continuity conducted a StorageGuard Proof of Concept (POC) for a subset of their PowerProtect DD (formerly Data Domain), PowerFlex, PowerScale (formerly Isilon), and Brocade SAN switches. This surfaced many security misconfigurations and vulnerabilities, along with remediation guidance.

Joint Execution: From Insight to Action

Following the POC, the firm purchased StorageGuard licenses and Professional Services – with deployment taking place in under four months.

The firm set 4-month goals to do the following:

• Establish a comprehensive baseline within StorageGuard for monitoring vulnerabilities, configuration best practices, and drift across their storage and data protection systems.
• Facilitate reporting against this baseline, prioritize the remediation of 25% of identified security findings, and create a documented framework for data integration into their IT Service Management platform, to include security reporting systems.

Results so far

• Enhanced security visibility across outsourced storage and data protection environments.
• Rapid detection and remediation of high-risk security misconfigurations and vulnerabilities. The infrastructure team remediated 30% of baseline configuration risks and vulnerabilities, surpassing the 25% target. And they want to keep the momentum going with another 25% of risks remediated in the next 3 months.
• Streamlined procurement and rollout, managed entirely through Dell.

Future Plans

Due to the success of the project, the firm’s infrastructure team plan on expanding StorageGuard across their APAC businesses. The deadline for this deployment set by customer is Q1 2026.

Why the Partnership Worked

The success of this engagement was rooted in how Dell and Continuity aligned their strengths:

• Continuity brought deep, purpose-built technology to uncover and mitigate risks in complex storage environments.
• Dell provided trusted delivery, procurement flexibility, and managed services capabilities to seamlessly embed the solution within the firm’s operating framework.

This customer project exemplifies the power of a well-aligned partnership. By combining StorageGuard with Dell’s enterprise delivery model, the insurance firm was able to take decisive action on storage & data protection risks – ensuring governance, visibility, and peace of mind across this mission-critical infrastructure.

The post Dell Technologies and Continuity Partner to Secure Global Insurance Firm’s Storage & Backup Environment appeared first on Continuity™.

Many enterprises have already taken the critical first step of deploying a cyber vault to protect backup copies. However, the harsh reality is that deployment alone doesn’t guarantee resilience. Attackers are adapting, and misconfigured vaults or backup systems are still vulnerable to compromise.

In fact, The Security Maturity of Storage & Data Protection Systems report shows that the average backup or storage device typically contains 10 vulnerabilities, five of which are high or critical, with many organizations lacking visibility into these risks.

For organizations that have started their cyber vault journey—or have a vault in production—this is the point where the real work begins: hardening, continuous validation, and integrating the vault into your wider cyber-resilience strategy.

Why Harden an Existing Vault & Backup Environment?

• Vault Misconfiguration Risks: A misconfigured air-gap, weak admin controls, or unpatched management interface can render even the most sophisticated vault ineffective.
• Attackers Target Vaults Directly: Sophisticated ransomware groups now target vault appliances and metadata to wipe or corrupt clean copies.
• Compliance Pressure: Frameworks like NIST SP 800‑209 and ISO/IEC 27040 emphasize ongoing validation and secure configuration management for vaults and backup infrastructure—not just initial deployment.
• Recovery Readiness: Without continuous validation and hardening, you risk discovering configuration drift or corrupted data only during a crisis.

What is a Cyber Vault? (A Reminder For Those Who Are Currently Looking Into It)

You’ve likely deployed one of these or are in the process of evaluating:

• Dell PowerProtect Cyber Recovery Vault – Clean-room recovery workflows and malware scanning for validated restoration.
• Rubrik Vault – Zero-trust architecture with immutable backups and automated recovery validation.
• Cohesity FortKnox – SaaS-managed, WORM-protected backup snapshots with multi-role approval and anomaly detection.
• NetApp Cyber Vault – ONTAP-based, SnapMirror-driven isolated snapshot environment with layered access controls.
• HPE Cyber Vault – Immutable, air-gapped copies with automated validation and recovery orchestration.
• Commvault Cleanroom & Cyber Vault – WORM-backed, anomaly-detected, isolated backups with automated “cleanroom” recovery.
• IBM Cyber Vault – FlashSystem/IBM Z-based immutable snapshots with orchestrated recovery testing and validation exercises.
• Veeam Cyber Vault – Azure-based immutable backup vault with enforced retention and zero-trust access.

If you already have one of these in place, the question isn’t “Do I have a vault?”.

It’s “Is my vault hardened and continuously validated?”

How StorageGuard Helps After Deployment

Unlike initial vault deployment projects, StorageGuard focuses on post-deployment hardening and ongoing cyber-resilience validation:

• Continuous Vulnerability Scanning: Detects CVEs and misconfigurations inside the vault and backup infrastructure, including OS, hypervisors, management interfaces, and storage controllers.
• Configuration Baseline Enforcement: Compares your vault and backup settings to vendor hardening guides and compliance frameworks. Alerts on drift over time.
• Recovery-Readiness Checks: Automates validation that your vault copies are not only isolated but also recoverable and aligned with retention policies.
• Compliance Reporting: Generates audit-ready evidence for NIST, ISO, PCI, HIPAA, and CIS frameworks to demonstrate ongoing vault security.
• Multi-Vendor Validation: Works across Dell, HPE, NetApp, Rubrik, Commvault, IBM, and Cohesity vaults – ideal for enterprises with heterogeneous backup and storage environments.

Cyber Vault + StorageGuard: A Combined Strategy

• Cyber Vault = Immutable, isolated copies of critical data.
• StorageGuard = Continuous hardening, vulnerability management, and compliance enforcement for the vault – and the entire backup ecosystem.

Deploying a vault is step one. Making it resilient, validated, and operationalized is step two – and it’s where most organizations fail without a dedicated hardening platform.

Conclusion

If you’ve already invested in a cyber vault, you’re on the right path. But the journey doesn’t end at deployment. To ensure your vault truly functions as the last line of defense against ransomware and insider threats, you need continuous hardening and validation.

With StorageGuard, you can move from “we have a vault” to “our vault is secure, compliant, and always ready for recovery.”

_____________________________________________________

Frequently Asked Questions (FAQ)

1. What is a cyber vault?

A cyber vault is a secure, isolated backup environment designed to store immutable copies of critical data. It creates a logical or physical air-gap between production systems and backup copies, protecting them from ransomware, insider threats, and accidental deletion. Cyber vaults are considered the last line of defense in modern cyber-resilience strategies.

2. If I’ve already deployed a cyber vault, why do I still need to harden it?

Deployment alone doesn’t guarantee security. Misconfigurations, unpatched vulnerabilities, or improper access controls can leave even an isolated vault exposed. Hardening ensures the vault is configured correctly, continuously validated, and integrated into your wider backup and security architecture.

3. How does StorageGuard work with cyber vaults?

StorageGuard scans backup and vault environments for vulnerabilities, misconfigurations, and policy drift. It compares configurations to vendor hardening guidelines and compliance frameworks, prioritizes risks, and provides remediation guidance. It supports multi-vendor environments and ensures vaults remain secure post-deployment.

4. Can a cyber vault protect against data poisoning attacks?

Not by itself. A vault will preserve any data ingested into it – clean or corrupted. This makes data poisoning a real risk. StorageGuard mitigates this by monitoring backup pipelines for suspicious changes and validating data before it enters the vault, ensuring only trusted copies are preserved.

5. Is a cyber vault the same as immutable backups?

Not exactly. Immutable backups are a feature; a cyber vault combines immutability with isolation, access control, and recovery workflows. Together, they create a secure environment where critical data can be restored even after a major cyberattack.

6. Do I need StorageGuard if my vendor already provides a vault solution?

Yes. Vendor vaults provide isolation and immutability for their own ecosystem. StorageGuard complements them by providing multi-vendor visibility, ongoing vulnerability management, configuration baseline enforcement, and compliance reporting across your entire backup infrastructure – including the vault.

7. Which vendors offer cyber vault solutions?

Popular cyber vault implementations include HPE Cyber Vault, Cohesity FortKnox, NetApp Cyber Vault, Dell PowerProtect Cyber Recovery Vault, Rubrik Vault, Commvault Cleanroom & Cyber Vault, IBM Cyber Vault, and Veeam Cyber Vault.

The post Beyond the Vault: Hardening Your Backups for Ultimate Cyber Resilience appeared first on Continuity™.

Gartner recently emphasized the need for much stricter security in its new report, Hype Cycle for Storage Technologies, 2025. Gartner analyst Julia Palmer focused on emerging storage technologies on infrastructure outcomes, as well as their adoption rates and maturity levels.

The goal was to help Storage & Infrastructure Leaders develop strategies to deliver secure, innovative and future-proof storage platforms that meet business requirements.

One of the key technologies highlighted in the report was ‘Cyberstorage’, which in Gartner’s words: “actively defends storage systems and data against cyberattacks through prevention, early detection and attack blocking.”

From ransomware to insider threats, if your primary storage is compromised, hundreds or thousands of workloads — databases, containers, VMs — can go down in a flash.

Worse still, if your backup systems are compromised, there’s no Plan B. No way to recover. You’re out of options.

On average, each enterprise storage or backup device has 10 vulnerabilities, including 5 critical or high-severity ones. Yet many organizations have limited visibility into these weaknesses.

While traditional security solutions exist at the network perimeter, storage systems often fall short in safeguarding against malicious activities. Cyberstorage solutions offer robust active defense against, and recovery from, cyberattacks targeting data storage systems – and their data.

Gartner Recommendations:

• Prioritize active defense and security of unstructured and structured data storage systems, because identifying and blocking an attack is just as important as recovering from one
• Avoid relying solely on data backups and snapshot methods to address cyber resilience concerns. These should serve as a last resort for disaster recovery rather than a proactive defense for your data.
• Select storage vendors based on their ability to support all the pillars of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (i.e., Govern, Identify, Protect, Detect, Respond and Recover)
• Upgrade existing storage infrastructure with vendor offerings and SLAs that include cyberstorage capabilities. Also, investigate the cyberstorage capabilities of your existing vendors, as many of them are adding cyberstorage services alongside their storage services

Solving the Cyberstorage Shortfall

StorageGuard is the industry’s first dedicated security hardening and vulnerability management platform purpose-built for enterprise storage and backup environments.

It scans, detects, and prioritizes vulnerabilities, misconfigurations, and compliance gaps across multi-vendor storage and backup systems, enabling organizations to proactively secure their critical data infrastructure.

StorageGuard also performs secure configuration analysis, allowing organizations to assess their storage and backup environments against security best practices, review baseline configuration findings, and implement hardening measures to reduce the risk of future attacks.

Final Thoughts

Storage and backup systems are your organization’s most critical — and ironically most overlooked — assets. They deserve the same security rigor as endpoints, networks, and apps.

With attacks intensifying and standards evolving, now is the time to prioritize vulnerability management and configuration hardening for your storage and backup infrastructure.

Read the full report:

Hype Cycle for Storage Technologies, 2025 (For Gartner Subscribers only). 

The post Gartner Calls for Storage & Backup Hardening to Combat Ransomware appeared first on Continuity™.

Surging Cyber Threats: Actively Exploited Vulnerabilities in Storage and Backup Systems 

Enterprise storage and backup systems have become a high-priority target for cybercriminals. In the last two months alone, there has been a dramatic escalation in the discovery—and in some cases exploitation—of critical vulnerabilities across leading storage and data protection platforms. With past attention focused on vendors like Veeam and MinIO, the threat landscape has now broadened to include major enterprise players such as IBM, Veritas, HPE, Dell, Commvault, and Broadcom.  

Critical Vulnerabilities Emerge Across Leading Vendors 

IBM: Privilege Escalation in BRMS 

On June 16, IBM disclosed a severe flaw in its Backup, Recovery, and Media Services (BRMS). The vulnerability enables low-privileged users to execute arbitrary, user-controlled code with elevated system access—potentially compromising the host’s operating system and exposing enterprise infrastructure to systemic risk. 

Veeam: New flaw lets domain users hack backup servers 

Also announced on June 16, Veeam’s security updates to fix several vulnerabilities, including a critical remote code execution, which impacts domain-joined installations. 

With many organizations integrating their backup servers into the corporate Windows domain, they are inadvertently disregarding Veeam’s security best practices. These guidelines advise Backup Admins to use a separate Active Directory Forest and protect the administrative accounts with two-factor authentication.   

HPE: Remote Code Execution in StoreOnce 

On June 6, HPE announced several vulnerabilities in its StoreOnce software. These flaws allow remote attackers to bypass authentication, run malicious code, and extract sensitive enterprise data. The risk spans both data compromise and operational disruption. 

Dell: Full Filesystem Access in PowerScale OneFS 

Also on June 6, Dell reported two serious vulnerabilities in its PowerScale OneFS storage OS. The most severe allows unauthenticated attackers to gain full, unauthorized access to enterprise file systems—jeopardizing data integrity and confidentiality at scale. 

CISA Flags CVE-2025-32433: Impacting Cisco and NetApp 

On June 10, the Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert for a critical vulnerability in Erlang/OTP’s SSH implementation that was added to the known exploited vulnerabilities catalog. This zero-auth flaw enables remote command execution. The threat affects also widely used storage platforms from vendors like Cisco and NetApp, which rely on Erlang-based components. 

Commvault: Confirmed Exploitation in the Wild 

On April 28, two newly disclosed Commvault vulnerabilities—CVE-2025-34028 and CVE-2025-3928—have been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog. These flaws allow remote code execution (RCE) and persistent webshell access, putting enterprise data protection and disaster recovery processes at serious risk. 

• CVE-2025-34028 (CVSS 10.0): An unauthenticated ZIP file path traversal vulnerability enabling RCE. 

• CVE-2025-3928: Allows authenticated attackers to deploy persistent backdoors via webshells. 

Broadcom (Brocade) Fabric OS: Privilege Escalation to Root Access 

Also appearing in CISA’s KEV Catalog on April 28, CVE-2025-1976 affects Brocade’s SAN switches and directors. This flaw enables an admin-level user to escalate privileges and gain full root access to the operating system, allowing arbitrary command execution and manipulation of the Fabric OS. 

New Industry Report Reveals Widespread Risk 

Last week, Continuity released its third annual analysis: “The 2025 Security Maturity of Storage & Data Protection Systems.” The study assessed 323 enterprise environments encompassing 11,435 storage and backup systems across top vendors such as Dell, NetApp, Rubrik, Cohesity, Veritas, Hitachi Vantara, Pure, IBM, and others. 

Key Findings: 

• 6,085 distinct security issues uncovered—spanning over 390 failed security principles 

• On average, each storage and backup system contains 10 security risks, 5 of which are classified as high or critical 

• The most common risk areas include: 
  • Authentication & identity management 
  • Unaddressed CVEs 
  • Encryption misconfigurations
  • Access control & authorization gaps 
  • Improper use of ransomware protection features 

This data reinforces the growing reality that most enterprise environments remain significantly under-secured at the data protection layer, despite mounting threats. 

The Trend: Targeting Storage and Backup as a Primary Attack Vector 

Attackers are zeroing in on storage and backup systems as prime targets. Why? Because these systems are the last line of defense for data storage and business continuity—and compromising them disables recovery, facilitates ransomware extortion, and opens pathways to broader lateral movement. 

One high-profile example: the largest data breach in history at UnitedHealth, where attackers successfully disabled the backup environment, preventing data recovery and causing months-long operational disruption. 

Why Storage and Backup Systems Are High-Value Targets 

Storage and backup systems are foundational to enterprise data resilience. By compromising them, attackers can: 

• Neutralize recovery capabilities (especially in ransomware attacks) 

• Exfiltrate sensitive data 

• Destroy or corrupt primary data or backup data copies 

• Use these platforms as stealthy pivot points to compromise broader IT environments 

Despite their criticality, these systems are often under-secured. Many security teams lack visibility, tooling, or expertise to adequately defend them. 

Conclusion: The Back-End is Now Front-Line 

The recent wave of actively exploited vulnerabilities is a stark reminder: storage and backup systems are not just infrastructure—they’re high-value assets under direct attack. It’s time they receive the same security scrutiny and operational rigor as front-line systems. Tools like StorageGuard are critical in bridging this gap and defending one of the most vulnerable layers of the modern enterprise. 

The post Exploited and Exposed: Storage and Backup Systems Are Under Attack  appeared first on Continuity™.