• AI is accelerating vulnerability discovery and exploitation 
• Storage & backup systems are prime targets 
• Patching can’t keep up, especially in storage and backup environments 
• The exposure window is growing 
• Continuous hardening and configuration drift management reduce exploitability before patches are applied 
• StorageGuard shrinks the exposure window through continuous hardening, instant vendor advisory impact analysis, and guided remediation 

AI is reshaping cybersecurity – but not in a balanced way. While defenders are still figuring out how to operationalize it, attackers are already using AI to move faster, scale wider, and target more precisely.

What used to require time, skill, and coordination can now be automated and accelerated. The result is simple: the time between initial access and real impact is shrinking. And increasingly, that impact lands on storage and backup systems. 

From infrastructure to target 

It used to be that attackers focused primarily on the network edge or user endpoints. That’s no longer the case. 

AI-assisted attacks make initial compromise easier than ever – whether through advanced phishing, deepfake-based social engineering, or automated reconnaissance. But the more interesting shift happens after that first foothold. Once inside, attackers aren’t exploring blindly. They’re moving directly toward the systems that matter most – including storage and backup infrastructure as outlined in the latest CheckPoint Security report. 

AI is compressing the attack timeline 

One of the more profound changes is not just what attackers target, but how quickly they get there. AI enables faster vulnerability discovery, more effective lateral movement, and a more systematic way to identify weak points across infrastructure. It also reduces noise-making detection harder while improving attacker precision. 

Zero Day Clock shows the median time-to-exploit crossing into hours in 2026, with many CVEs exploited on or before disclosure. 

More vulnerabilities and faster exploitation 

At the same time, new AI-driven tools are dramatically increasing the volume of discovered vulnerabilities. Projects like Mythos are reportedly uncovering large numbers of previously unknown issues, including critical flaws in foundational components. Security advisories are expanding accordingly, sometimes listing hundreds of CVEs in a single release.  

The net effect is pressure on defenders from both sides: more vulnerabilities appear, and they are exploitable faster. 

The growing gap between discovery and remediation 

This creates a familiar – but now more acute – problem: the gap between when a vulnerability surfaces and when it is actually remediated. In theory, patching should close that gap. In practice, it’s not that simple in storage and backup environments.

These systems are not as flexible as typical compute platforms. Advisories are not published immediately, patching can be disruptive, requires careful testing and coordination, and is often delayed due to operational realities. 

So there is always a window of exposure. In the past, that window was manageable. In the AI era, it is increasingly not. Attackers are simply moving faster than patch cycles. 

Why hardening becomes decisive 

If patching cannot reliably close the exposure window, something else has to. 

That “something” is configuration posture. 

Whether a vulnerability is actually exploitable often depends less on its existence and more on the surrounding conditions: access controls, enabled services, network exposure, authentication settings, and so on. In other words, the system’s hardening level. 

Seen this way, the timeline splits into two distinct phases. Before a patch is available, or before it’s applied, hardening is the primary line of defense. Afterward, patching and remediation reduce the remaining risk. But that first phase is where exposure is highest, and where traditional approaches are weakest. 

This leads to a shift in mindset. Vulnerabilities are unavoidable; they will continue to grow in number, especially with AI accelerating discovery. Exploitation, however, is still conditional. It depends on whether the environment allows it. 

Hardening is what changes that condition. 

Rethinking how storage and backup systems are secured 

Adapting to this reality requires rethinking how these systems are managed. It’s no longer enough to rely on periodic reviews or manual assessments. By the time those happen, the state of the environment has already changed. 

What’s needed instead is continuous visibility into configuration, continuous validation of security baselines, and the ability to quickly understand exposure as new advisories appear. 

Equally important is the shift in perspective. Storage and backup platforms can’t be treated as backend infrastructure that gets occasional attention. They need to be treated as perimeter systems: high-value, high-risk, and continuously assessed. 

That also changes the way remediation is approached. It’s not just about applying patches, but about prioritizing what matters, understanding impact quickly, and reducing the time it takes to act. 

Closing the exposure window 

All of this ultimately comes down to one objective: shrinking the exposure window. AI is expanding it from one direction, by increasing the volume and speed of vulnerabilities. Operational constraints are expanding it from the other, by slowing down remediation. The only way to compensate is to reduce exploitability within that window. 

That’s where continuous hardening and exposure visibility come in. They don’t eliminate vulnerabilities, but they make them far less exploitable. 

How StorageGuard helps 

• Continuously hardens posture 
  Detects misconfigurations, drift, and hardening gaps across storage and backup systems. 
• Reduces exposure before patching 
  Focuses on the conditions that make vulnerabilities exploitable—not just the vulnerabilities themselves. 
• Instant impact analysis 
  Maps new security advisories to your environment to quickly identify affected systems. 
• Guided, prioritized remediation 
  Helps teams focus on what matters and act faster (patches, config fixes, compensating controls). 
• Cuts manual effort 
  Automates what is typically slow, manual triage and periodic assessment. 
• Enables faster decisions 
  Support for natural language queries make it easy to understand exposure and prioritize actions. 

Summary

Frequently Asked Questions (FAQs)

How is AI changing the speed of cyberattacks?

AI is significantly accelerating vulnerability discovery and exploitation, reducing the time from discovery to attack from days to hours.

Why can’t patching keep up with modern threats?

Patching is often delayed due to testing requirements, operational risk, and system constraints—especially in storage and backup environments

Why is security harder for storage and backup environments?

Storage and backup systems are harder to secure because patching is slower, changes are riskier, and configurations require careful coordination

Why is hardening critical before a patch is available?

Before patches are released or applied, hardening is the primary defense because it reduces the conditions that allow vulnerabilities to be exploited.

The post Storage & Backup Security in the Age of AI Attacks  appeared first on Core6.

The first wave of CVEs linked to Anthropic’s Claude Mythos Preview is now beginning to emerge. Several sit inside the components that storage and backup products are built on – TLS libraries, kernel subsystems, cryptographic providers, BSD-derived protocol stacks.

Vendor advisories specific to storage and backup have been limited so far.

What follows is our informed assessment of seven CVEs we believe warrant attention. The assessments below are based on previously reported advisories in storage and backup products and on public information about each CVE. They are not confirmed vendor guidance.

Based on this assessment, we also outline practical mitigation considerations and recommended next steps for storage and backup environments.

CVE-2026-31402 – Linux Kernel nfsd Heap Overflow

Critical, kernel.org: 9.8

A remote, unauthenticated attacker can corrupt kernel memory by sending two coordinated NFSv4.0 lock requests that overflow a buffer in the NFS server.

Linux underpins many storage and backup platforms (NAS controllers, backup appliances, HCI nodes). Exposure depends on whether the product uses in-kernel nfsd or a user-space implementation such as NFS-Ganesha. As a precaution, treat Linux-based systems serving NFS as potentially affected until vendors confirm otherwise.

CVE-2026-5194 – wolfSSL Certificate Validation Flaw.

Critical, NVD: 9.1

A signature verification flaw affecting both classical (ECDSA, Ed25519, Ed448) and post-quantum (ML-DSA) algorithms in wolfSSL could allow forged digital identities. Patched in 5.9.1; the bug had been present since 2017.

wolfSSL has appeared in past storage and backup security advisories. While this does not confirm exposure to CVE-2026-5194, it indicates that some vendors may embed the library and is a reason to investigate.

CVE-2026-5588 – Bouncy Castle BC-JAVA Signature Validation Flaw.

High, Redhat: 7.5

A signature verification flaw in Bouncy Castle’s post-quantum certificate code, patched in BC-JAVA 1.84. Most applications don’t use the affected path. More notable in the same release: CVE-2026-3505 (PGP DoS) and CVE-2026-5598.

Bouncy Castle has appeared in past storage and backup vendor advisories. Without a Software Bill of Materials (SBOM), exposure is hard to assess – and fixes arrive only when the vendor ships a refreshed build.

CVE-2026-28386 – OpenSSL AES-CFB-128 Out-of-Bounds Read. 

Critical, CISA-ADP: 9.1

An out-of-bounds read leading to denial of service, affecting systems running on modern x86-64 CPUs with AVX-512. Fixed in OpenSSL 3.6.2 and backports. AES-CFB-128 is uncommon in modern TLS but still appears in S/MIME and some IPsec deployments.

Given OpenSSL’s ubiquity, most vendors will need to assess this – even if urgency is limited by the DoS-only impact – and likely issue an advisory.

CVE-2026-5398 – FreeBSD TIOCNOTTY Use-After-Free.

High, CISA-ADP: 8.4

A local privilege escalation via a dangling pointer in FreeBSD’s terminal handling. Patched in FreeBSD-SA-26:10.tty. Realistic exploitation requires chaining with another vulnerability that provides initial access. FreeBSD-derived storage and backup appliances may be affected.

CVE-2026-6386 – FreeBSD amd64 Local Privilege Escalation

Medium, CISA-ADP: 6.2

Another local privilege escalation issue (FreeBSD-SA-26:11.amd64). Like CVE-2026-5398, it becomes meaningful when combined with an initial foothold, potentially enabling full system compromise.

CVE-2026-4747 – Remote Code Execution in FreeBSD NFS/RPCSEC_GSS

Critical, CISA-ADP: 8.8

We covered this in depth in our previous post. A long-standing stack buffer overflow in RPCSEC_GSS. While patched prior to Mythos, it was highlighted by Anthropic as part of Mythos’s autonomous exploit generation capability. Huawei and NetApp have both published notices confirming their products are not affected.

What to Watch for Next

We expect storage and backup vendors to publish impact assessments as analysis progresses. Monitor vendor security advisory channels closely over the coming weeks.

Five Things To Do While Waiting for Vendor Guidance

These CVEs share a pattern: they affect embedded components in the data and management planes. That shapes the mitigation posture.

1. Start with inventory. Before applying controls, know what you actually have. Build a list of which storage and backup systems are exposed to NFS, expose management interfaces, run Java-based management planes, or are FreeBSD-derived.
2. Revisit protocol hardening. The protocol-level recommendations from our previous post – NFS access restriction, network segmentation, export policy hardening — remain applicable and are worth revisiting in light of this broader pattern.
3. Prefer NFSv4.1+ where possible. CVE-2026-31402 specifically affects NFSv4.0. NFSv4.1 and later use a different session model that doesn’t go through the vulnerable code path.
4. Harden TLS and certificates. Replace broad public CA trust with an internal CA and a small, explicit allowlist. Enable mutual TLS where supported.
5. Isolate the management plane. Restrict management access to the minimum necessary. Block management interfaces on non-management network interfaces. Isolate the management plane at the network level.

Ask Your Vendors for an SBOM

All of these CVEs originate in foundational components and embedded dependencies – not in vendor product code itself.

Without a Software Bill of Materials, determining exposure is difficult before vendors issue advisories.

Ask your vendors for an SBOM, and if they can’t provide one, ask them specifically whether their products include the affected components. A targeted question is more likely to get a useful answer today than a broad SBOM request.

Keeping Pace with Faster Disclosure

This batch is an early indicator of how AI-assisted vulnerability research will reshape disclosure – more CVEs, surfacing faster, in deeper layers of the stack. Before advisories arrive, the only defense is continuous hardening and configuration discipline. Once they land, what matters is the speed of identifying affected systems and prioritizing remediation. Periodic checks won’t keep pace. This is where Core6 focuses with StorageGuard – continuous, real-time posture awareness for storage and backup systems.

For official guidance, refer directly to your storage & backup vendors’ security advisory pages.

References:

• Tracking CVEs Attributed to Anthropic Researchers and Project Glasswing | Blog | VulnCheck
• GitHub – patrickmgarrity/Anthropic-Credited-CVEs: Tracking Vulnerabilities That Appear to be Credited to the Anthropic Research Team · GitHub
• freebsd.org/security/advisories/FreeBSD-SA-26:08.rpcsec_gss.asc
• NetApp Product Security – NTAP-20260410-0014
• NetApp Statement Regarding Anthropic Disclosure and Mythos Research Model
• CVE-2026-5588 – Red Hat Customer Portal

Frequently Asked Questions (FAQs)

What should you ask your storage or backup vendor right now?

Instead of asking broadly, ask targeted questions:

• “Do your products include wolfSSL / Bouncy Castle / OpenSSL versions affected by these CVEs?”
• “Are you using in-kernel NFS or a user-space implementation?”
• “Are any products based on FreeBSD and affected by SA-26 advisories?”

Also request: SBOM (Software Bill of Materials). This is the fastest way to validate risk across your environment.

How will AI-driven vulnerability discovery change storage security?

Expect:

• More CVEs
• Faster disclosure cycles
• Vulnerabilities in deeper infrastructure layers

Traditional approaches (quarterly reviews, manual audits) will struggle to keep up.

New requirement:

• Continuous visibility into storage security posture
• Real-time detection of configuration risks and exposure

What is the biggest takeaway for storage and backup teams?

These CVEs highlight a shift:

• Risk is increasingly in dependencies, not product code
• Exposure exists before vendor advisories are published

Actionable takeaway:

• Focus on hardening, segmentation, and visibility
• Reduce reliance on reactive patch cycles
• Speed up identification of affected systems

The post Anthropic-Associated CVEs Worth Watching for Storage and Backup appeared first on Core6.

CVE-2026-4747, a remote code execution (RCE) vulnerability in the FreeBSD NFS/RPC stack, is one of the early vulnerabilities publicly highlighted by Anthropic in connection with Claude Mythos Preview - their frontier AI model announced April 7, 2026.

While the vulnerability was patched by FreeBSD before the Mythos launch, Anthropic featured it as a demonstration of Mythos’s ability to autonomously construct sophisticated, working exploits for deeply embedded protocol-level flaws.

While Mythos has reportedly identified many vulnerabilities across software stacks, this case is notable because it targets core infrastructure protocols that are deeply embedded in enterprise storage environments. 

What Was Discovered? 

CVE-2026-4747 affects the NFS / RPCSEC_GSS (Kerberos-backed) implementation, and under certain conditions, the vulnerability may allow a remote attacker to achieve root-level code execution.

Triggering the overflow does not require prior authentication at the RPC level, but successful exploitation depends on specific configuration and exposure—including access to the NFS service and the use of RPCSEC_GSS (Kerberos) functionality. 

Key characteristics:

• Located in core NFS/RPC protocol handling 

• Present in production code for many years 

• Triggered via network-accessible services 

Taken together, these characteristics indicate this is not an edge-case issue but a flaw in foundational protocol logic. 

Why This Matters for Storage 

This should not be viewed narrowly as a FreeBSD issue. 

1. Some storage platforms retain FreeBSD lineage 

Some of the leading enterprise storage platforms have evolved from BSD-derived foundations, particularly in their networking and protocol implementations. 

2. FreeBSD contributed to NFS/RPC implementations 

FreeBSD and earlier BSD systems have long maintained widely used NFS and RPC implementations that are still foundational in storage environments today. The vulnerability affects a specific implementation of NFS/RPC, but similar flaws may exist in other implementations of the same protocol. 

3. NFS is ubiquitous in storage and backup 

NFS remains a core protocol across: 

• NAS systems 

• Backup appliances 

• Data protection repositories 

• Archive / object gateways 

Similar classes of vulnerabilities may exist in other storage systems that implement NFS/RPC, regardless of whether they run FreeBSD, Linux, or proprietary operating systems. 

 Who Is Potentially Affected? 

While CVE-2026-4747 is confirmed in FreeBSD and already patched in FreeBSD, broader exposure may include: 

• Storage systems with FreeBSD lineage 

• Platforms implementing NFS with RPCSEC_GSS / Kerberos authentication 

• Backup systems exposing NFS services 

• Storage environments with long-lived or lightly modified protocol stacks 

We expect storage and backup vendors to assess exposure internally and issue security advisories where applicable. Huawei and NetApp, for instance, already announced their products are not affected. Early community discussions, such as the one in the TrueNAS forums, have already surfaced concerns about exposure in storage platforms running older FreeBSD versions, particularly where patch adoption may lag. 

 What Should You Do in the Meantime? 

Focus on exposure reduction and protocol hardening: 

• Restrict NFS access 
  Limit to trusted internal networks; avoid external exposure 

• Segment storage networks 
  Isolate storage, backup, and management traffic 

• Harden export policies 
  Enforce least privilege; avoid overly broad or wildcard exports 

• Use Kerberos correctly  
  if RPCSEC_GSS is required in your environment, prefer krb5i or krb5p – but audit whether it is actually needed before assuming it provides protection here. 

• Minimize attack surface 
  Disable unused protocols and services; close unnecessary ports 

• Monitor for anomalous behavior 
  Watch for unusual RPC/NFS traffic patterns and authentication activity 

And Of Course, Patch When Available 

As Storage and Backup vendors release security advisories and fixes: 

Apply patches or firmware updates as soon as they are available and validated. 

Given the nature of this vulnerability – remote, protocol-level, and long-lived - timely remediation is critical. 

What Mythos Signals for Storage Security 

This is only a first glimpse of how tools like Mythos will impact IT security. Early reports already point to a significant increase in the volume of vulnerabilities being discovered across software stacks. The bigger question becomes: how do we protect storage and backup systems in this reality? 

Before advisories and patches are available, prevention relies on continuous hardening and configuration discipline. Without ongoing validation, it is difficult to ensure that critical controls – such as restricting NFS access, enforcing correct Kerberos configurations, limiting exposed services, and tightening management access – are consistently applied and remain effective over time.

Configuration drift becomes a primary risk factor. 

Once an advisory is published, organizations can begin impact analysis to identify affected systems. And when a patch becomes available, the process shifts to testing, change control, and deployment. 

At this stage, speed becomes critical: 

• How quickly can you determine exposure across your environment? 

• How fast can you understand mitigation steps and compensating controls? 

• How effectively can you prioritize and remediate? 

These challenges call for greater automation and continuous visibility – moving beyond periodic checks to real-time posture awareness, an area we’re actively focusing on at Core6 with StorageGuard. 

Summary 

CVE-2026-4747 is not just about FreeBSD. It highlights a broader shift: 

AI – including models well below the frontier – can now detect deeply embedded vulnerabilities in foundational protocols. Mythos Preview demonstrated that frontier AI can go further, autonomously constructing working exploits, but the discovery capability itself is increasingly broad-based. 

This is a signal that core IT infrastructure layers must now be continuously re-examined. 

Frequently Asked Questions (FAQs)

Why did Anthropic mention CVE‑2026‑4747 in the Claude Mythos Preview?

Anthropic highlighted CVE‑2026‑4747 as an example of Mythos’s ability to autonomously build a working exploit for a deeply embedded, protocol-level flaw. Even though FreeBSD patched the issue before the Mythos launch, the showcase signaled a shift: advanced AI can accelerate discovery and exploitation of foundational infrastructure vulnerabilities.

Why is this vulnerability relevant to enterprise storage and backup systems?

Because NFS remains ubiquitous across:

• NAS platforms
• Backup appliances
• Data protection repositories
• Archive systems and gateways

When a vulnerability targets network-accessible, long-standing protocol implementations, it can affect storage environments broadly—even if only one OS vendor has a confirmed CVE at first.

What immediate mitigations help reduce exposure before patches are available?

The most effective “now” actions are exposure reduction and hardening:

• Monitor for anomalies (unusual NFS/RPC traffic and auth behavior)

• Restrict NFS access to trusted internal networks (avoid external exposure)

• Segment storage networks (separate storage, backup, and management traffic)

• Harden exports (least privilege; avoid broad or wildcard exports)

• Minimize attack surface (disable unused services; close unnecessary ports)

What should storage teams do when security advisories arrive?

A practical sequence looks like:

• Rapid rollout: deploy fixes quickly, prioritizing exposed and high-value systems

• Impact analysis: identify potentially affected systems and configurations

• Compensating controls: enforce segmentation and restrictive access while evaluating

• Patch planning: test firmware/OS updates under change control

The post One of the First Public Mythos Showcases – and Its Impact on Storage  appeared first on Core6.

And then AI started to change the economics of attack.

AI didn’t invent ransomware or exploitation – but it compressed time, expanded scale, and lowered the cost of finding weak systems. The result is something we’re starting to see play out: attackers no longer look for the most sophisticated target. They look for the most consequential one.

And increasingly, that target is storage and backup systems.

This shift reflects a deeper pattern – what you might call an Anthropic Mythos of AI in cybersecurity. Not the myth of superintelligence, but the reality that AI accelerates whatever incentives already exist.

Attackers want leverage. And guess what; storage and backup systems provide it. AI simply helps them find the cracks faster.

The Blind Spot AI Loves

One of the most uncomfortable truths in modern security programs is how uneven our visibility really is.

Endpoints, networks, applications – these are continuously scanned, prioritized, scored. Storage and backup systems? Often assumed safe. Too complex. Too sensitive. Too “infrastructure‑owned” to fit neatly into exposure management programs.

Attackers have figured this out.

Research shows that the majority of ransomware incidents now explicitly target storage and backup repositories to prevent recovery and force payment. When backups are compromised, incidents turn into crises: longer downtime, regulatory fallout, operational paralysis.

AI doesn’t need to “break” storage and backup systems. It just needs to identify which ones haven’t been treated like first‑class citizens in the security model.

From Feature AI to Risk AI

One of the most important AI trends in cybersecurity isn’t about flashy capabilities – it’s about context.

AI is shifting security away from isolated findings and toward risk understanding:

• Which weaknesses matter most?
• Which systems amplify business impact?
• Which issues collapse recovery options?

This is where storage and backup security finally enters the risk conversation, rather than sitting outside it.

The joint approach from Qualys Enterprise TruRisk™ and Core6’s StorageGuard reflects this shift. Instead of treating storage as an architectural special case, it becomes another – critically important – risk domain that can be assessed, prioritized, and acted on alongside endpoints and applications.

Not more data. More meaning.

Why AI-Driven Attackers Go After Recovery

There’s something almost narratively predictable about modern ransomware campaigns.

If you think in Anthropic terms – systems shaped by incentives – the logic is clear:

• Attackers don’t want denial of service.
• They want negotiation advantage.
• Recovery infrastructure is the leverage point.

AI accelerates reconnaissance and vulnerability clustering. It surfaces misconfigurations, exposed interfaces, and hardening gaps – especially in complex, multi‑vendor storage and backup environments that rarely get consistent scrutiny. That’s why continuous autonomous validation matters more than episodic checks. StorageGuard’s scan of storage and backup systems – aligned to vendor hardening guides and industry standards – feeds directly into Qualys’ risk context, turning “invisible infrastructure” into actionable cyber risk.

One Risk Model, Not Two Worlds

Another quiet AI trend in cybersecurity is consolidation – not of vendors, but of decision models.

Security teams don’t need separate mental frameworks for infrastructure risk and cyber risk. They need one shared language of exposure and impact.

By surfacing storage and backup security advisories, vulnerabilities, security misconfigurations and compliance issues directly inside Qualys workflows, organizations can:

• Prioritize remediation based on business risk, not just technical severity
• Align Infrastructure and SecOps teams around the same risk signals
• Reduce friction caused by siloed tools and disconnected ownership

This matters because AI-driven attacks don’t respect org charts. Defense shouldn’t either.

The End of “Safe by Assumption”

If there’s one myth AI is breaking in cybersecurity, it’s the idea that anything is secure simply because it’s complex, critical, or historically untouched.

Storage and backup systems are no longer passive repositories. They’re active battlegrounds in modern attacks.

The organizations that adapt fastest aren’t chasing AI hype. They’re asking better questions:

• Where do attackers gain leverage?
• Which systems eliminate recovery when they fail?
• Which risks have we normalized for too long?

AI doesn’t answer those questions for us. But it ensures attackers are asking them already.

The only real choice is whether defenders catch up.

Visit the Core6 profile on the Qualys Partner Portal: https://technologypartners.qualys.com/partners/core6

Frequently Asked Questions (FAQs)

1. How does Qualys address storage and backup security risk?

Qualys integrates storage and backup risks into its Enterprise TruRisk™ model, allowing organizations to assess, prioritize, and remediate recovery‑related exposures using the same workflows applied to endpoints, networks, and applications.

2. What role does Core6 StorageGuard play in cyber risk management?

Core6 StorageGuard continuously evaluates storage and backup systems against vendor hardening guidelines and security standards, surfacing misconfigurations and vulnerabilities that feed directly into enterprise risk workflows.

3. What does “one risk model” mean in cybersecurity?

A single risk model unifies infrastructure and cybersecurity risk, helping security, infrastructure, and operations teams prioritize remediation based on business impact instead of working in disconnected silos.

4. How is AI shifting cybersecurity toward risk‑based decision making?

AI is moving cybersecurity from isolated vulnerability findings to risk understanding—helping teams assess which weaknesses create the greatest operational, financial, and recovery impact rather than prioritizing issues based only on technical severity.

The post How Qualys and Core6 Are Redefining Risk Visibility in the Age of AI appeared first on Core6.

While many storage and backup platforms are rightly classified as critical, criticality is not a single tier but a spectrum.

Differences in failure modes, recoverability impact, exposure, maturity, and regulatory scope mean that some systems demand earlier attention, deeper validation, or stronger controls than others.

A structured, multi‑dimensional approach enables security teams to make deliberate, risk‑based prioritization decisions – even within the critical asset set – across both steady‑state operations and worst‑case recovery scenarios.

Below we outline practical criteria to assess and compare criticality across the enterprise storage and backup estate.

Storage & Backup Asset Criticality Criteria

The criterions are divided into four categories: Operational, Technological, Physical Characteristics and finally Governance Compliance and regulatory considerations.

Category 1: Operational context

Category 2: Technology context

Category 3: Physical Characteristics

Category 4: Governance Compliance and regulatory considerations

Final Thought

Storage and backup systems are no longer passive infrastructure components. They are primary security assets, with risk profiles that change dramatically under failure or attack. In a world where the control plane is the new perimeter, these systems have become prime targets.

By applying a structured criticality model – one that balances operational importance, recoverability impact, and security maturity – organizations can:

• Prioritize hardening and validation efforts
• Reduce blind spots attackers increasingly exploit
• Make defensible, risk‑based decisions aligned with business impact

Frequently Asked Questions (FAQ)

1. Why do storage and backup systems need their own criticality model?

Storage and backup platforms (from the likes of Dell, NetApp, Hitachi Vantara, HPE, IBM, Everpure (formerly Pure), VAST Data, Rubrik, Commvault, Cohesity, Broadcom, Cisco, etc.) differ fundamentally from traditional applications or servers. They often protect hundreds or thousands of workloads, store highly sensitive data, and become the last line of defense during ransomware or destructive attacks. Applying a generic asset classification model usually underestimates their blast radius, recovery impact, and attacker value.

2. Aren’t all storage and backup systems already “critical”?

They are – but not equally so. Criticality is a spectrum, not a single tier. Differences in data sensitivity, dependency density, recoverability role, exposure, and governance maturity mean some systems demand earlier hardening, deeper validation, or stricter controls than others—especially under worst‑case recovery scenarios.

3. Why does “access density” matter so much?

High fan‑in systems – those connected to many servers, applications, and management tools—have an amplified blast radius. A single misconfiguration or compromise can cascade across large portions of the environment, making access density one of the strongest predictors of risk.

4. How do AI and ML workloads change storage and backup criticality?

AI/ML systems often store high‑value datasets, model artifacts, and training pipelines that are reused across teams and products. Compromise can affect model integrity, business decisions, and downstream systems, elevating both the security and operational impact of the supporting storage platforms.

The post Determining Asset Criticality in Enterprise Storage and Backup Environments appeared first on Core6.

In fact, Gartner reports a 187% year‑over‑year increase in client inquiries related to data resiliency in 2025 compared with 2024, underscoring how urgently organizations are rethinking their ability to protect and recover business‑critical data.

In parallel, inquiries explicitly focused on cyberstorage grew by 167% over the same period, highlighting the acceleration of storage‑layer security as a standalone priority – not just an extension of backup or recovery tools.

From Backup-Centric Recovery to Active Storage Defense

Traditional cyber resilience approaches focused heavily on backup frequency, immutable snapshots, and recovery time objectives. While these capabilities remain essential, they are no longer sufficient on their own.

Modern ransomware and data‑centric attacks are designed to evade detection, compromise administrative credentials, and directly target storage & backup systems

The Market Guide for Cyberstorage describes how cyberstorage embeds security directly into storage and backup platforms, focusing on posture hardening, continuous validation, and recovery assurance.

Put simply: backup is reactive by nature; storage must now participate proactively in cyber defense.

Why Storage & Backup Security Posture Management Matters

As cyberstorage capabilities mature, Gartner emphasizes that consistent execution and hardened security posture across different storage and backup platforms are far more important than individual features, especially in large enterprises operating multivendor storage and backup ecosystems and legacy infrastructure alongside newer platforms.

In practice, this complexity leads to uneven protection. Native security features may exist on some platforms but not others. Policies drift over time. Privileged access expands quietly. Recovery assumptions go untested.

Storage and backup security posture management addresses these realities by continuously assessing and validating:

• Configuration baselines across storage and backup platforms – and deviations or drifts that happen over time
• Exposure to security advisories, vulnerabilities, and security misconfigurations
• Alignment with industry standards, regulation, and cybersecurity frameworks

Without posture management, organizations often discover gaps only during an incident – when it is already too late.

Cyberstorage in Multivendor, Legacy, and Hybrid Environments

A key insight from the Market Guide is that, while many storage vendors are embedding baseline cyberstorage features, capability depth and maturity remain uneven – particularly across:

• Multivendor environments
• Older or legacy storage platforms
• Complex hybrid cloud architectures

As a result, many enterprises continue to adopt specialized cyberstorage solutions to provide independent validation, consistent policy enforcement, and unified visibility across their entire storage and backup estate.

These solutions are especially important in environments where organizations must assume that administrative credentials may be compromised – and where recovery workflows must remain trusted and operable under active attack conditions.

StorageGuard by Core6: A Representative Vendor in Cyberstorage

In the Gartner Market Guide for Cyberstorage, Core6 (previously ‘Continuity’)  is named as a Representative Vendor based on our StorageGuard solution, reflecting its role in addressing the growing need for security posture management.

StorageGuard focuses on continuously assessing and hardening storage and backup environments, helping organizations uncover misconfigurations, security gaps, and latent risks across diverse platforms. By delivering cross‑vendor visibility and posture enforcement, StorageGuard supports the core cyberstorage outcomes highlighted in the Market Guide.

This posture‑driven approach is particularly valuable for large enterprises, where operational complexity – not lack of technology – is often the biggest obstacle to cyber resilience.

Download the Gartner® Market Guide for Cyberstorage

Attribution: Gartner, Market Guide for Cyberstorage, Vishesh Divya, 23 February 2026.

Disclaimer: GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Frequently Asked Questions (FAQ)

1. What is cyberstorage?

Cyberstorage is an approach to securing enterprise storage that embeds active detection, containment, and recovery assurance directly at the data layer, rather than relying solely on backup or perimeter security. It treats storage systems as active participants in cyber defense, capable of detecting early-stage attacks, limiting blast radius, and validating recovery readiness.

2. What is security posture management for storage and backup?

Storage and backup security posture management is the continuous assessment and hardening of storage and backup environments to ensure they are securely configured, resilient to attack, and aligned with cyber resilience best practices. It focuses on identifying misconfigurations, privilege risks, policy gaps, and exposure that could undermine recovery during a cyber incident.

3. Why are multivendor storage environments harder to secure?

Multivendor environments often have inconsistent security models, visibility gaps, and uneven maturity across platforms. Native protection features vary widely between vendors, making it difficult to maintain a unified security posture. This complexity increases the risk of misconfiguration and blind spots that attackers can exploit.

4. What types of organizations benefit most from cyberstorage – and specifically security posture management?

Cyberstorage and storage security posture management are especially valuable for:

• Large enterprises
• Organizations with multivendor or hybrid storage environments
• Regulated industries with strict recovery and compliance requirements
• Businesses reliant on uninterrupted access to critical data

The post Cyberstorage Comes of Age: Why Security Posture Management Is Now Critical for Storage & Backup appeared first on Core6.

AI-Powered Security Operations for Storage & Backup

Imagine prompting your favorite AI tool to:

• “List all administrator user accounts and groups on my NY-based storage systems”
• “Remediate incorrect session-limit settings on my backup appliances”
• “Check whether my storage systems comply with the proposed 2025 HIPAA regulation updates”
• “Determine whether my backup system is vulnerable to CVE-2025-3928”
• “Identify which hardening guidelines are still missing on my NAS platforms”

By connecting your AI environment to the StorageGuard MCP Server, teams can query configurations, investigate findings, generate reports, and validate compliance—all through natural language. This dramatically reduces the learning curve and streamlines IT hardening, security operations, and audit-related tasks.

What’s Next: Cross-Layer Intelligence With MCP

The real power of MCP emerges when your AI application can access multiple MCP-enabled systems – StorageGuard alongside platforms such as ServiceNow, Varonis, Check Point, Netwrix, and others.

Correlating insights across these layers unlocks new possibilities:

• Advanced risk-based vulnerability prioritization using layered-defense analysis and attack-path insights
• Streamlined compliance reporting by bringing data-classification context into Storage and Backup posture assessments
• Business-aware remediation by attaching business-unit, service, and application context to Storage and Backup environments

This cross-layer intelligence drives faster, more accurate decisions and elevates both security and operational efficiency.

Availability

The StorageGuard MCP Server is currently offered in limited-availability beta as part of the StorageGuard Enterprise + AI edition.

If you’d like to learn more or explore what MCP can enable for your environment, contact us today!

Frequently Asked Questions (FAQ)

1. Why do AI-driven threats require a new cyber defense strategy?

AI empowers attackers to instantly map environments, detect misconfigurations, and launch targeted exploits at machine speed, far beyond traditional manual reconnaissance approaches. This renders periodic security checks insufficient and demands continuous security posture management.

2. What makes data infrastructure such a critical target for AI-powered attacks?

Data infrastructure — especially storage and backup systems — houses sensitive workloads and cyber-recovery capabilities. AI can quickly identify subtle vulnerabilities in these systems, making compromise catastrophic without proactive defense.

3. How does automated remediation improve cyber defenses?

Automated remediation — such as StorageGuard’s Fix It capability – allows organizations to correct security misconfigurations automatically, reducing exposure windows and scaling security without proportionally increasing headcount.

4. How does StorageGuard help organizations defend against AI-driven cyber threats?

By connecting our customers’ AI environments to the StorageGuard MCP Server, teams can inspect and harden security configurations, investigate and resolve weaknesses, and validate compliance – all through natural language.

The post AI-Powered Security for Storage & Backup: Introducing the StorageGuard MCP Server appeared first on Core6.

VAST’s CNode‑X integrates NVIDIA RTX Pro 6000 Blackwell GPUs with the VAST EBox data platform to deliver a fully accelerated AI data stack for vector search, GPU‑native SQL, and containerized model orchestration—bringing AI to your data rather than moving data to AI.

That convergence raises the security bar. When storage, vector indices, and AI runtimes share one fabric, misconfigurations become attack surfaces that threaten data security, integrity, model safety, and compliance.

StorageGuard, a Security Posture Management Solution for storage and backup systems, addresses this by continuously identifying security misconfigurations, compliance issues, vulnerabilities and configuration drift, and driving remediation – purpose‑built for VAST environments.

Why AI Storage Needs a New Security Posture

VAST’s disaggregated, shared‑everything (DASE) architecture provides every CNode direct NVMe‑oF access to all data while managed Kubernetes schedules GPU workloads alongside data services. This delivers high throughput for RAG, vector search, and multimodal analytics – but it also demands consistent security best practices for identity, encryption, auditing, and network hygiene across the full fabric.

VAST’s Security Configuration Guide offers robust primitives – ABAC, immutable auditing, TLS 1.3 for management, FIPS‑validated crypto for data in flight/at rest, external KMS, and STIG‑aligned hardening.

The challenge in the field is ensuring these, and other organizational controls are configured correctly everywhere, continuously, and don’t drift across tenants, views, protocols (NFS/SMB/S3), and rapidly expanding AI services.

StorageGuard for VAST + NVIDIA: Security Posture Management for AI Storage

StorageGuard establishes a Hardened Configuration Baseline, composed of the VAST hardening guidelines, industry standards and cybersecurity frameworks, and then automatically identifies security misconfigurations and drifts from the target baseline.

Below are examples of high-impact controls StorageGuard continuously validates in VAST environments that host NVIDIA-accelerated AI workloads. StorageGuard ensures these target baseline controls are effectively deployed across the VAST Data environment and do not drift over time.

1) Identity, Roles, and Least Privilege (Zero‑Trust in practice)

• Federation to enterprise IdPs (AD/LDAP/SAML) with MFA for admin access
• Secure LDAP bindings (LDAPS/StartTLS), lockout thresholds, idle timeouts, API token limits
• Detection of unapproved local users and restriction of break‑glass accounts to emergency use with strong rotation
• Permissions are consistent and minimal

2) Encryption In‑Flight and At‑Rest (with EKM assurance)

• TLS 1.3 enforced for VMS/CLI/SSH, protocol endpoints, replication, and S3
• AES‑XTS 256‑bit encryption at rest enabled; KMIP connectivity to approved external KMS with valid CA and expiry tracking
• Per‑path encryption for sensitive AI datasets used by agents or training

3) Auditing & Forensics for AI Pipelines

• Global admin/system/protocol audit enabled with role‑based read access and retention aligned to policy
• Protocol audit on for NFS/SMB/S3 used by training, RAG ingestion, and vector stores
• Redundant NTP configured to preserve chain‑of‑custody

4) Network & Service Surface Reduction

• Removal of unused NFS/SMB/S3 endpoints
• Remote support and call‑home configuration with SSL verification and enforced TLS level
• API/Web exposure controls (e.g., CORS) reviewed and restricted

5) S3/Object Controls for RAG & Vector

• Anonymous access disabled, bucket versioning enabled, TLS‑only endpoints
• Secure replication for DR to prevent tampering or rollback of embeddings and training sets

6) NFS/SMB Guardrails for GPU Data Paths (POSIX)

• NFS rootsquash enforced, NFSv4.2 preferred, export ACLs follow least privilege
• Client IP ACLs scoped to GPU nodes and orchestrators only
• SMB access aligned to AD group policy with secure LDAP bindings and lockout thresholds

7) Control‑Plane Hygiene at AI Scale

• Approved DNS/NTP/Syslog/SMTP endpoints with redundancy
• KMS locality and redundancy to prevent key‑availability issues that can stall GPU jobs mid‑pipeline
• TLS level enforcement across control‑plane services

How StorageGuard Works for VAST Data

Discover
StorageGuard connects to the VAST VMS API with least‑privilege service accounts. It enumerates tenants, views, buckets, protocols, and security posture. And it collects effective configuration for identity, encryption, audit, and networking – no agents on GPU nodes.

Continuously Validate
Runs configuration checks against a selected configuration baseline policy to enforce security best practices – including TLS ciphers, ABAC permissions, MFA/SSO posture, KMS trust chains, protocol hardening, and replication security.

Prioritize & Remediate
Surfaces issues that create risk to AI workflows, mapped to Industry Standards (e.g. NIST, CIS, NERC CIP, HIPAA, DORA, NIS2, FFIEC, CRI, CISA and more). Applies hardening guidelines with either guided or automated remediation.

Example: Securing a RAG Pipeline on VAST + NVIDIA

1. Data ingestion lands unstructured files and PDFs into a VAST tenant; StorageGuard verifies encryption is enabled, key management method, CA, and cert expiry.
2. Embedding jobs run on NVIDIA GPUs via CNode-X; StorageGuard confirms NFS exports are scoped to GPU nodes only, with root squash and NFSv4.2.
3. Vector index persists as objects; StorageGuard ensures S3 anonymous access is disabled, versioning on, and TLS‑only replication to DR.

The outcome: GPU pipelines stay fast and compliant, with continuous evidence that storage controls match your AI risk tolerance.

Why This Matters for NVIDIA-Accelerated AI

The CNode-X approach collapses the gap between data and compute, allowing NVIDIA-accelerated vector search, SQL, and model services to run in place with the data. It’s a massive performance and productivity win—but it also means storage security = AI security. With StorageGuard, security teams gain continuous, evidence-driven assurance that the VAST Data platform underpinning their AI is encrypted, least-privileged, audited, and network-hardened—without slowing down GPUs or developer velocity.

Getting Started

• Pilot StorageGuard on a VAST tenant hosting AI data
• Choose a built-in hardened configuration baseline policy that meets you needs
• Run an initial baseline assessment, and review P1 findings
• Connect to ITSM (e.g. ServiceNow, BMC, etc.) to track security misconfigurations and configuration drift, as well as streamline remediation

AI is redefining the data plane. With StorageGuard, you can adopt NVIDIA‑accelerated VAST architectures confidently.

Discover the Recommended Security Baseline Checks for VAST Data Clusters: https://support.core6.com/hc/en-us/articles/25852419079196-VAST-Data-Clusters-Recommended-Security-Baseline-Checks

Contact us to learn more about StorageGuard for AI Storage

_____________________________________________________

Frequently Asked Questions (FAQ)

1. What is AI storage, and why does it need a hardened security posture?

AI storage refers to the data plane that feeds AI pipelines – training datasets, vector indices, embeddings, model artifacts, and unstructured content for RAG.

Because modern AI architectures (like VAST Data + NVIDIA) collapse storage, compute, and orchestration into the same fabric, any storage misconfiguration becomes a security, integrity, and model‑safety risk. Hardened storage ensures data confidentiality, integrity, availability, and compliance for high‑value AI workloads.

2. Why are NVIDIA‑accelerated VAST Data systems uniquely sensitive to misconfiguration?

VAST’s DASE architecture gives every CNode direct NVMe‑oF access to all data, while Kubernetes schedules GPU workloads next to storage services. This convergence creates high‑performance but tightly coupled environments where:

• Identity and access gaps can escalate quickly
• Misconfigured S3/NFS/SMB endpoints become exposed attack surfaces
• Weak encryption or incorrect KMS trust chains threaten model safety
• Drift can break compliance controls across tenants and protocols
• As a result, storage misconfigurations directly affect AI runtime security.

3. What security challenges do enterprises face when running AI workloads on VAST Data?

Common challenges include:

• Inconsistent identity and RBAC across tenants and protocols
• Unencrypted data paths between GPUs and storage
• Missing or incomplete audit logs used for AI forensics
• Unused or exposed endpoints (NFS, SMB, S3) expanding attack surface
• Versioning or replication gaps for RAG/vector data integrity
• Configuration drift as AI services scale out

Enterprises need continuous validation, not a one‑time setup.

4. How does StorageGuard help secure NVIDIA‑accelerated VAST environments?

StorageGuard provides Storage Security Posture Management (SSPM) purpose‑built for VAST by:

• Establishing a hardened configuration baseline using VAST hardening guides + industry frameworks
• Continuously detecting misconfigurations, vulnerabilities, compliance gaps, and drift
• Prioritizing issues by severity and aligning them to standards (CIS, NIST, NERC CIP, HIPAA, DORA, NIS2, etc.)
• Guiding or automating safe remediation
• This ensures VAST environments stay secure, compliant, and GPU‑ready.

The post Securing AI Storage: How StorageGuard Hardens NVIDIA‑Accelerated VAST Data Environments appeared first on Core6.

Security teams continue to invest in advanced controls, yet incidents persist. Gartner identifies the root cause clearly: controls exist, but they are misconfigured, drifting from baseline, or poorly optimized. To address this, Gartner introduced Automated Security Control Assessment (ASCA) – a technology category designed to continuously assess, prioritize, and optimize security controls to reduce exposure.

ASCA is becoming foundational to modern security programs. But most implementations overlook a critical domain.

The Storage & Backup Blind Spot

Storage and backup systems hold an organization’s most critical asset—its data—and are increasingly targeted by ransomware and extortion attacks. Compromising recovery infrastructure is often what forces ransom payment.

Yet storage and backup controls are typically:

• Assessed manually and infrequently
• Highly vendor‑specific and complex
• Outside the scope of traditional vulnerability, endpoint, or cloud security tools

This creates a dangerous gap: organizations believe controls are in place, while misconfigurations and drift silently increase exposure.

Gartner highlights configuration drift, weak defaults, and misaligned coverage as persistent drivers of breaches—problems that cannot be solved without automation.

ASCA Requires Domain‑Specific Intelligence

Gartner defines ASCA as agentless, API‑driven technology that continuously evaluates control configurations, maps them to frameworks and best practices, and supports prioritized remediation.

However, generic ASCA platforms lack the deep domain knowledge required for storage and backup environments, including:

• Vendor‑specific hardening guidance
• Ransomware protection and recovery controls
• Snapshot, replication, and immutability settings
• Compliance interpretation for data infrastructure

Without this depth, storage and backup remain outside continuous control assessment.

StorageGuard: ASCA for Storage and Backup

StorageGuard applies ASCA principles specifically to enterprise storage and backup systems.

Using authenticated, read‑only access, StorageGuard continuously collects configuration data and validates it against:

• Vendor security and hardening best practices
• Industry and regulatory standards (NIST, ISO, CIS, DORA, and others)
• Ransomware protection and recovery guidelines
• Organizational security baselines

This directly aligns with Gartner’s ASCA definition: continuous assessment, baseline drift detection, and prioritized remediation—delivered through automation rather than periodic audits or scripts.

From Findings to Real Risk Reduction

Gartner emphasizes that ASCA adds control context, enabling better prioritization and faster mitigation—not just more findings.

For storage and backup, StorageGuard provides that context by:

• Identifying misconfigurations that weaken recovery
• Detecting drift from approved baselines
• Highlighting exposure to vendor advisories and missing updates
• Delivering actionable, platform‑specific remediation guidance

The result is fewer blind spots and greater confidence that data infrastructure can withstand modern attacks.

Closing the ASCA Gap

ASCA adoption is accelerating as organizations struggle with security control complexity at scale. But any ASCA strategy that ignores storage and backup leaves a critical gap—exactly where attackers focus.

StorageGuard closes that gap, extending automated security control assessment to the systems that ultimately determine whether an organization can recover.

Frequently Asked Questions (FAQs)

What is Automated Security Control Assessment (ASCA)?

ASCA is a Gartner-defined technology that continuously evaluates security control configurations, detects drift from approved baselines, and prioritizes remediation using automated, agentless, API-driven assessments.

What major gap exists in most ASCA implementations?

Most ASCA platforms overlook storage and backup systems. These systems contain an organization’s most critical data and are often targeted by ransomware, yet they are rarely included in continuous control assessments.

Why are storage and backup systems hard to assess with generic ASCA tools?

Storage and backup technologies require deep vendor-specific knowledge, unique hardening guidance, and specialized recovery controls that generic ASCA platforms cannot interpret or validate.

How does StorageGuard apply ASCA principles to storage and backup systems?

StorageGuard uses authenticated, read‑only API access to continuously collect configuration data and validate it against vendor best practices, industry standards, ransomware recovery guidance, and organizational baselines.

The post Closing ASCA’s Biggest Gap: Storage and Backup Hardening appeared first on Core6.

This CISO Point of View article offers a curated, abridged view of our full Infrastructure Security Guide, featuring insights from leading CISOs on how enterprises are redefining infrastructure security in 2026. To read the full Guide, click here.

Section 1: Framing the Conversation — The Role of Infrastructure Security

How do you balance investment between traditional security domains (like endpoint or application security) and infrastructure protection?

Mark Thomson Deputy Group CISO Howden

“Conduct thorough risk assessments to identify critical assets and vulnerabilities, ensuring resources are directed where they mitigate the greatest impact. For instance, businesses heavily reliant on cloud services may prioritize infrastructure segmentation and identity controls over endpoint hardening.   Internal strategies and frameworks such as ISO 27001 and PCI-DSS reinforce this alignment by linking controls to business objectives and compliance requirements.   Beyond prioritization, investment needs to be balanced between prevention, detection, and response across endpoint, application, and infrastructure security.

Section 2: Real-World Priorities & Challenges

As infrastructure becomes increasingly hybrid and distributed, what are the biggest visibility or control challenges you face?

Gernette Wright Former IT Security Officer – Americas Schneider Electric

“Without a doubt, it’s about knowing where data is and who can access it. When you combine on-premises systems, multiple clouds, SaaS platforms, and older systems, it becomes hard to keep track.   Access control gets trickier because each platform handles permissions differently. This opens the door for privilege creep. When teams rush or do not follow proper procedures, over-provisioning often results.”   Another important aspect is knowing where the data came from, how it has changed, who worked with it, and whether the right permissions were in place at each step.   Without this traceability, accountability becomes unclear. It also increases security risks because sensitive information can unintentionally end up in systems not meant to store it.”

How do you ensure IT teams and security teams stay aligned on priorities and accountability?

Rick Doten Former VP Information Security Centene

“Priorities are easy, make sure that which is critical to the business is protected, resilient, and stable. We spend too much time chasing the priorities given by the tools or CVE scores without understanding business context and impact.   We have only statically evolved our prioritization based on external facing, or known exploit. But even that might not matter to the business, based on the specific platform.”

Section 3: Modernization & Transformation

Are traditional infrastructure security models still relevant — or do we need a new operating model for the modern enterprise?

Erdal Ozkaya CISO Morgan State University

“The old ‘Castle and Moat’ model? It’s gone. It’s comfortable to think, ‘If I secure the perimeter, the inside is safe,’ but it’s a lie.   We operate on Zero Trust now, which sounds like a buzzword, but it’s actually a mindset shift. It means I treat my internal corporate network with the same suspicion I treat the open internet. It’s paranoid, sure, but in this job, paranoia is a virtue. We assume the bad guy is already inside.”

How do you approach securing “invisible infrastructure” — the underlying systems that run across hybrid cloud, APIs, and automation pipelines?

Girish Kulkarni CISO Aurionpro	“Invisible infrastructure requires security by design. This includes API security gateways and runtime protection, CI/CD pipeline hardening with secrets management, and Infrastructure-as-Code (IaC) scanning before deployment”
Matthew Lang Former CISO State Employees’ Credit Union (SECU)	“As far as hidden IT outside the organization, you need extremely good contracts with all 3rd parties – including the right to scan for weaknesses.”

Section 4: Storage & Backup — The Last Line of Defense

Storage and backup systems are often overlooked but critical in cyber resilience. How do you ensure they’re properly secured?

Gernette Wright Former IT Security Officer – Americas Schneider Electric

“From my perspective, backup systems are arguably the most critical piece of your BCP and DR strategy. Outside of cost, there are two other critical areas I look for: immutability and speed of restoration.   On the operational side, these backup systems must be tested. I ensure regular restorations are done quarterly and a full restore done annually of a critical system or systems.   Storage security addresses the same fundamentals, encryption, access control, patching, and monitoring. It’s important to make sure the storage platform is properly secured through encryption, tight access control, patching, and monitoring, and that sensitive data isn’t being copied to locations that weren’t meant to hold it.”

Bob Turner Former CISO Penn State University and University of Wisconsin-Madison

“To think about the future, you have to go back to basics: where is your information actually kept?   Your primary data lives in central storage systems that people use to do business. Today, backup systems are also often kept online in some form, which can be risky.   Any primary data source that is critical to the enterprise needs either an offline backup or a very well-isolated backup.   Enterprises that are doing this well aren’t usually talking about it publicly, but they’re quietly adopting the best security controls the industry can provide. If you’re not there yet, that’s where you need to be heading.”

Do you see a growing convergence between infrastructure reliability and cybersecurity — especially when it comes to data protection and recovery?

Mark Thomson Deputy Group CISO Howden

“There is certainly an increasing convergence between infrastructure reliability and cybersecurity, particularly in data protection and recovery.   Traditionally, disaster recovery focused on physical resilience while cybersecurity addressed digital threats, but today these domains intersect as cyberattacks can disrupt critical infrastructure as severely as natural disasters.   Organizations need to embed cybersecurity into resilience frameworks, aligning backup strategies with business continuity plans, and leveraging technologies such as Zero Trust and cyber-resilient storage to ensure operational continuity under attack conditions.”

Girish Kulkarni CISO Aurionpro

“Absolutely. Cybersecurity and reliability are now inseparable. Ransomware has made backup integrity a security priority.   We integrate cyber resilience metrics into business continuity planning.”

Section 5: Looking Ahead — Future of Infrastructure Security

What new trends or technologies do you think will most impact Infrastructure Security in the next 2–3 years?

Mats Nygren Former VP Information Security U.S. Bank

“Resilience will be regulated and require measurability –disclosure requirements and market pressure will make resiliency a board-level expectation.   Recovery time, identity hygiene, and cloud posture drift will become quantitative indicators of infrastructure security maturity.   Infrastructure security will be judged not only on how well it prevents incidents, but how well it recovers from them, in addition to driving value for the business.”

Click here to read the full CISO Point of View Guide

The post Lessons from CISOs – 2026 Infrastructure Security Outlook appeared first on Core6.