Choosing between Object Storage and Block Storage for Security

Ry Vee
Published in Nerd For Tech
Oct 5, 2018

Block Storage and object storage have different use cases. We won’t categorically state which one is better as the answer depends on your project’s particulars. What we will do in this article is compare these two storage options in terms of how secure your data is in either of them.

We will first briefly discuss the characteristics of Block Storage and Object Storage. Then, we will dive into the inherent vulnerabilities present in data centers and how each of these storage modes mitigates them.

What Is Block Storage?


Block Storage is essentially a group of hard drives connected through a fiber-optic network. Such a network is also called a storage area network (SAN for short).

Data is split into blocks (thus the name “block storage”), and the blocks are stored across different clusters in the storage medium; blocks belonging to one piece of data may end up in different clusters. Applications that need those blocks have to access each of them through its unique address.

How data gets split into blocks and which clusters each block goes into is handled by independent software.

Block storage is mainly used for structured data, and it offers a way for such data to be changed in place. Because its input/output operations perform consistently, it is an ideal choice for applications such as databases that require that consistency.

What Is Object Storage?


In object storage, data is stored as objects. Each object contains the actual data, or blob, plus a portion of metadata. The metadata includes a unique identifier for each object, called a UUID (universally unique identifier), that allows quick access to the data.

In contrast to block storage, where accessing each piece of data may require several steps (if each cluster is mounted in a file system, for example), object storage access is quick and easy.

Another major advantage of object storage is that the data need not be structured. This makes it ideal for storing multiple types of data such as images, videos, notes, etc. It is also perfect for storing high volumes of data as you can store virtually unlimited amounts.

The only drawback of object storage is that you cannot update data that is already stored. The only way to change it is to add a new version of the data and point your application at the new UUID so that it fetches the updated version.

Inherent Vulnerabilities in Data Centers

There are several ways attackers can hijack data and sabotage a storage network. Threats come at three different levels, which vary with the attacker’s motive and the attack’s complexity.

Level 1 attacks can create havoc in terms of security even though no malicious person gains access to the storage system. They stem mainly from personnel incompetence at best and negligence at worst. For instance, a misconfiguration may let unauthorized personnel access data they should not be able to reach.

Level 2 attacks are carried out with the actual intention of hacking a data center. The motive may be to access and steal data or to destroy it altogether. An example is an attacker taking on the identity of someone who has access to the data and the authority to manipulate it.

Level 3 attacks are what great sci-fi/hacking movies are made of. While not very common, the magnitude of the damage they can cause is enormous. Level 3 attacks are made with the utmost sophistication and involve massive technology. Thus, they only happen when the attacker is a big entity in itself, capable of investing in the requisite infrastructure and technology.

In each case, attacks can come from several sources. They can result from unauthorized access (which can be either a Level 1 or a Level 2 attack). Then there is data sniffing, where the attacker taps into the network traffic and copies data as it is transferred over the network.

As the business value of the stored data increases, we see huge investments made to secure it. For instance, aside from software measures, we see physical security solutions being employed at database locations.

How block storage mitigates these threats

Data encryption and mirroring are the two most important safeguards in Block Storage systems. Intruders and data sniffers cannot get much from the data they steal if they cannot make sense of it. And for those who intend to destroy datasets, a robust backup/mirror of the data will keep the inconvenience to the organization minor.

The only drawback of encrypting data is that if the attacker manages to brute-force the corresponding decryption key, they can still read the actual data. Backup/mirrored data is likewise at risk once the attacker works out how to access it.

How object storage mitigates these threats

Object Storage systems have good API support, so developers can easily integrate additional features, including stronger security measures, through those APIs. One such measure is write once read many (WORM), which guards against ransomware attacks. The tried and tested way to counter ransomware is to back data up, but even backup data can be reached by the same attacker.

Some Object Storage providers offer object lock technology, which makes WORM easy to adopt. WORM lets companies keep copies of backup data that are immutable for a set period, so ransomware attackers cannot manipulate those backup copies.
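To make the object-lock behaviour concrete, here is an added example that is not part of the original article and does not use any vendor’s real API: a constructed in-memory object store in which every put creates a new object under its own UUID (the “new version, new UUID” update model described earlier), and objects written with a retention period refuse deletion and in-place overwrite until that period has elapsed. The class and function names, and the injectable clock, are assumptions of this example.

```python
import uuid
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Optional


class WormObjectStore:
    """Constructed in-memory object store with object-lock (WORM) semantics; not a vendor API."""
    def __init__(self, now: Callable[[], datetime] = lambda: datetime.now(timezone.utc)):
        self._objects: Dict[str, dict] = {}  # oid -> {"blob", "metadata", "retain_until"}
        self.now = now  # injectable clock so retention expiry can be exercised

    def put(self, blob: bytes, metadata: Optional[dict] = None, retention_days: int = 0) -> str:
        """Store a new object under a fresh UUID; retention_days > 0 locks it for that long."""
        oid = str(uuid.uuid4())
        until = self.now() + timedelta(days=retention_days) if retention_days > 0 else None
        self._objects[oid] = {"blob": bytes(blob), "metadata": dict(metadata or {}), "retain_until": until}
        return oid

    def get(self, oid: str) -> bytes:
        return self._objects[oid]["blob"]

    def is_locked(self, oid: str) -> bool:
        until = self._objects[oid]["retain_until"]  # None means the object was never locked
        return until is not None and self.now() < until

    def _require_unlocked(self, oid: str) -> None:
        if self.is_locked(oid):
            raise PermissionError(f"{oid} is under retention until {self._objects[oid]['retain_until']}")

    def delete(self, oid: str) -> None:  # refused while retention is running
        self._require_unlocked(oid)
        del self._objects[oid]

    def overwrite(self, oid: str, blob: bytes) -> None:  # in-place change is refused likewise
        self._require_unlocked(oid)
        self._objects[oid]["blob"] = bytes(blob)

    def new_version(self, oid: str, blob: bytes, retention_days: int = 0) -> str:
        """The supported way to 'change' data: a new object with a new UUID; the old one is untouched."""
        meta = dict(self._objects[oid]["metadata"], previous_version=oid)
        return self.put(blob, meta, retention_days)


def tamper_blocked(store: WormObjectStore, oid: str) -> bool:
    """Defender's check: a locked backup must refuse both in-place overwrite and deletion."""
    try:
        store.overwrite(oid, b"garbage")
        store.delete(oid)
    except PermissionError:
        return True
    return False  # the change went through, so this object has no WORM protection
```

The check `tamper_blocked` is the kind of test a backup owner would run against a retention policy: a backup written with `retention_days=30` must survive it, while an object written without retention will not.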

Conclusion

While security need not be the primary motivation for choosing a storage technology, it should be a major factor. For instance, databases mostly use Block Storage but can benefit from having a “worst-case” backup stored in an object storage facility that employs WORM.

Originally published at https://hackernoon.com on October 5, 2018.
