Nov 04 2020

Object vs. File Storage: Which Is More Secure?

As government IT leaders evaluate object and file storage solutions, they must prioritize security.

Object storage and file storage have coexisted, and at times competed, with one another over the past decade.

While object storage is extremely scalable and easily accessible from any location, file storage is simple and ideal for file sharing and local archiving of smaller data volumes.

As state and local governments evaluate object and file storage platforms to determine which architecture they should choose to manage their data going forward, one differentiator is becoming increasingly important: security.

The Security Benefits of Object Storage

Generally speaking, object storage offers finer-grained and more flexible security capabilities than file storage. There are several reasons for this, but it mainly comes down to richer API support.

Object storage supports a broad range of APIs, while file storage only supports a handful of APIs. Because of its rich API support, including support for homegrown APIs, object storage systems can be tailored to deliver customized security features. With object storage, different encryption algorithms and key management methods can be selected, and different access policies can be applied at the object, bucket or user/group levels.

The ability to ensure data security is critical for local and state governments. According to an August 2020 report from BlueVoyant, cyberattacks on state and local governments have increased by 50 percent since 2017. Various state and local governments have been victims of high-profile cyberattacks in recent years. The majority of these were ransomware attacks, which pose the greatest cybersecurity threat to the public sector today and carry surging costs. The BlueVoyant report found that the average ransom for state and local governments rose from $30,000 in 2017 to $380,000 today.

Object storage’s flexible API support has made it particularly effective for combatting ransomware attacks. Several object storage systems have recently added a new anti-ransomware capability called Object Lock. Object Lock incorporates WORM (write once, read many) technology within a highly cost-effective storage system, protecting against ransomware attacks through data immutability.

It enables governments to create backup data copies that cannot be changed for a minimum period of time, making it impossible for hackers or malware to encrypt, alter or delete these backups and guaranteeing that a safe copy will always be available for recovery. With backup data immutable, governments are essentially immune from the impacts of a ransomware attack.
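
The sketch below is an added example, not part of the original article or any vendor's code. It is a toy in-memory model of the retention behavior described above, assuming a versioned bucket in which every version carries a retain-until date; the class and function names are hypothetical and the backup data is constructed.

```python
from datetime import datetime, timedelta, timezone


class WormBucket:
    """Toy in-memory model: versioned bucket with per-version retention."""
    def __init__(self):
        self._versions = {}  # key -> list of [data, retain_until]

    def put(self, key, data, retain_days, now):
        # A write never replaces stored bytes; it appends a new version.
        versions = self._versions.setdefault(key, [])
        versions.append([data, now + timedelta(days=retain_days)])
        return len(versions) - 1  # version id

    def get(self, key, version_id):
        return self._versions[key][version_id][0]

    def delete_version(self, key, version_id, now):
        retain_until = self._versions[key][version_id][1]
        if now < retain_until:
            raise PermissionError(f"locked until {retain_until:%Y-%m-%d}")
        self._versions[key][version_id][0] = None  # tombstone

    def set_retention(self, key, version_id, retain_until):
        if retain_until < self._versions[key][version_id][1]:
            raise PermissionError("retention period cannot be shortened")
        self._versions[key][version_id][1] = retain_until


def simulate_tampering():
    """Constructed scenario: a process with valid write credentials hits a backup."""
    t0 = datetime(2020, 11, 4, tzinfo=timezone.utc)
    day5 = t0 + timedelta(days=5)
    bucket, key = WormBucket(), "backups/db.bak"
    clean = bucket.put(key, b"clean backup", retain_days=30, now=t0)
    bucket.put(key, b"ENCRYPTED", retain_days=0, now=day5)  # "overwrite" attempt
    attempts = {
        "delete": lambda: bucket.delete_version(key, clean, now=day5),
        "shorten": lambda: bucket.set_retention(key, clean, day5),
    }
    outcome = {}
    for name, call in attempts.items():
        try:
            call()
            outcome[name] = "allowed"
        except PermissionError:
            outcome[name] = "refused"
    outcome["clean_copy_intact"] = bucket.get(key, clean) == b"clean backup"
    return outcome
```

In this model the overwrite only adds a newer version, so recovery means restoring the locked earlier version rather than the latest one.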

On the other hand, file storage’s limited API support prevents it from being able to quickly integrate emerging features such as Object Lock. So, although there are file storage solutions that support WORM, they are more costly to implement and more difficult to manage.

Cyber Insurance May Not Save Governments After Ransomware Attacks

Some local and state government CIOs may feel a lack of urgency in upgrading their storage infrastructure for better ransomware protection, thinking they can just fall back on their cyber insurance to cover ransom costs in the case of an attack.

However, cyber insurers are increasingly refusing to cover ransoms when they find that clients have not taken sufficient measures to protect themselves. For example, the government of Jackson County, Ga., had to foot its entire $400,000 ransom bill after its insurer contested its claim. Some insurers are now mandating that clients have immutable data storage before they agree to pay for costs associated with a ransomware attack. In these cases, object storage–based Object Lock represents an ideal solution.

Ransomware currently poses the worst cybersecurity risk for governments, but in five years, a different threat could emerge. With rich support for APIs, object storage platforms can easily add capabilities to protect against new threats.

Moreover, using object storage, governments can develop their own custom APIs to deliver whatever security features they want. In contrast, file storage doesn’t provide the same flexibility to mitigate today’s biggest security threat or whatever threats may emerge in the near future.
