Home How storage arrays help build digital resilience under the NIS2 Directive

How storage arrays help build digital resilience under the NIS2 Directive

Czas czytania17 min czytania

NIS2 — Why Digital Resilience Has Become an Obligation

The NIS2 Directive is the European Union’s response to the rapidly growing scale of cyber threats. This is particularly important because IT systems now operate within organizations that are critical to the functioning of EU Member States, as well as within entities that have a significant impact on the development and stability of the internal economy.

NIS2 replaces the previous NIS Directive, significantly expanding the scope of entities covered by regulation and raising requirements in the areas of risk management, business continuity, and data protection. IT infrastructure security and the implementation of best practices are therefore essential for meeting NIS2 requirements.

In Poland, the implementation of NIS2 is being carried out through an amendment to the Act on the National Cybersecurity System. The Directive introduces a distinction between essential and important entities — but in both cases, organizations are expected to take real, not merely declarative, action in the areas of cybersecurity and business continuity.

Risk management and the implementation of appropriate technical measures should be based on proven solutions and cybersecurity strategies that ensure effective protection of IT infrastructure.

Key obligations include, among others, risk management, the implementation of appropriate technical and organizational measures, infrastructure monitoring, incident reporting, and maintaining the continuity of services that are essential from the perspective of state and citizen security.

It is this last area — business continuity — that represents one of the most important points of connection between NIS2 and storage infrastructure, including storage arrays. The IT department and business partners play a key role in meeting these obligations, as does employees’ sense of responsibility for the organization’s security.

NIS2 requires organizations not only to create documents, such as policies and procedures, but also to provide evidence of effective implementation. This includes business impact analysis, defined RTO/RPO parameters, and regularly tested business continuity plans.

Organizations must deal with limitations such as budget constraints and the availability of qualified personnel, while at the same time following security principles to effectively protect their assets. Data is becoming one of the most important organizational resources, and its availability and integrity are now directly linked to regulatory, financial, and reputational risk.

NIS2 covers a broad range of activities and requires a comprehensive approach to IT infrastructure security.

Business continuity in the context of NIS2 — what does it mean in practice? 

Business continuity in the context of NIS2 refers to an organization’s ability to maintain or quickly restore critical business processes in the event of a failure, cybersecurity incident, or any other disruptive event. This means that downtime affecting key IT systems — including systems that store and process data — must be limited to a level acceptable from both a business and regulatory perspective. In addition to business impact analysis, it is essential to identify threats and critical processes that may affect business continuity.

The foundation is a business impact analysis, which identifies critical processes, the systems that support them, and acceptable RTO and RPO parameters. RTO, or Recovery Time Objective, defines the maximum acceptable downtime of a service, while RPO, or Recovery Point Objective, defines the maximum acceptable data loss measured over a specific period of time, such as hours or days.

These two indicators quickly lead to questions about data storage architecture and the expected capabilities of storage arrays. In other words, properly defining RTO and RPO makes it possible to design IT infrastructure in a way that ensures the required level of data security and availability.

NIS2 also emphasizes the need to regularly test and update business continuity plans and report readiness status to the relevant supervisory authorities. From an IT perspective, this means that high availability mechanisms, data replicas, disaster recovery failover procedures, and data recovery processes cannot exist only “on paper”. They must be verified in practice and supported by logs, test reports, and post-implementation documentation.

In addition, preventive measures are essential, including the implementation of security controls, employee training, and regular audits that help minimize the risk of incidents.

It is important to emphasize that business continuity applies not only to application systems, but to the entire supply chain — including ICT service providers, data centers, backup solutions, and cloud services. As a result, the way storage arrays are designed and maintained — both on-premises and in a service model — has a direct impact on meeting NIS2 requirements.

Physical security and endpoint security in the context of storage arrays

Physical security and endpoint protection are an important pillar of data protection and IT infrastructure security, especially in environments based on storage arrays. In practice, this means implementing solutions that not only protect the devices themselves against unauthorized access or damage, but also secure all endpoints that interact with data — from servers to users’ computers.

In terms of physical security, it is crucial to restrict access to rooms where storage arrays and other IT infrastructure components are located. Implementing access control systems, video monitoring, and physical safeguards such as server racks or safes for data carriers significantly reduces the risk of theft, sabotage, or accidental equipment damage. Regular physical security audits and procedure reviews make it possible to continuously identify and eliminate potential security gaps.

Endpoint security is equally important, as endpoints are often the weakest link in the data protection chain. Implementing advanced antivirus software, threat detection systems, and network traffic monitoring tools helps effectively protect endpoint devices against malware, phishing attacks, and unauthorized access attempts.

Regular cybersecurity education for employees is also critical. Training on threat recognition, secure password practices, and incident response should be a permanent element of every organization’s security policy.

In the context of storage arrays, data recovery procedures and business continuity must not be overlooked. Properly prepared contingency plans, regular data recovery tests, and the implementation of encryption and access control solutions ensure that even in the event of a failure or security breach, the organization will be able to quickly restore key services and minimize the risk of data loss.

Implementing comprehensive solutions in the areas of physical security and endpoint protection — combined with infrastructure monitoring, data encryption, and effective incident response procedures — enables organizations not only to ensure compliance with applicable regulations, but above all to build real digital resilience.

These activities form the foundation of effective data protection, IT infrastructure security, and business continuity in the day-to-day operations of every modern organization.

Storage arrays as the foundation of data resilience 

In modern organizations, storage arrays serve as central data repositories. They store databases for transactional systems, virtualization environments, virtual machines as an essential element of modern storage infrastructures, user file systems, backup repositories, and software as a key component of IT infrastructure.

From the perspective of NIS2, this means that a failure or unavailability of a storage array may immediately result in the unavailability of critical services, and therefore in a potential breach of the Directive’s requirements.

Modern storage arrays are no longer just “data storage space”. They are advanced platforms that provide high availability, data protection, business continuity mechanisms, and integration with security solutions. Increasingly, they use modern technologies such as artificial intelligence and machine learning, which enhance storage array security by automating threat detection and anomaly analysis.

Many of these capabilities — including replication, stretched clusters across locations, immutable snapshots, and backup integration — directly support NIS2 requirements in the areas of business continuity and resilience against cybersecurity incidents. In addition, key data protection mechanisms include encryption and authorization, which protect data against unauthorized access and leakage.

The choice of a storage array should therefore take into account not only capacity and performance, but also aspects such as platform reliability, the reputation and stability of the manufacturer, 24/7 support availability, security certifications, and the experience and competence of the provider implementing the solution.

It is worth considering the best solutions available on the market, as well as the need for proper configuration and the use of load balancers to ensure high availability and optimal workload distribution. These elements determine whether the storage array will become real support in building digital resilience, or simply another “risk area” within the infrastructure.

Key threats should also be taken into account, including malware and insider threats, which may affect the security of stored data.

The platform’s ability to scale and evolve is also significant — for example, by adding additional nodes, expanding cloud capabilities, or integrating with orchestration and automation systems. In this context, networks and data centers also play an important role, as they ensure business continuity and enable effective response to security incidents.

The NIS2 Directive assumes that threats will continue to change and evolve. For this reason, storage infrastructure must be ready to adapt to new requirements, rather than remain limited by rigid technological frameworks.

It is also important to remember the broad scope of cybersecurity, which includes both technologies and procedures, as well as the significant role of employees and users in maintaining IT infrastructure security.

A properly selected storage array is an important element of IT infrastructure and one of the best solutions for organizations that prioritize data security.

Storage array features supporting IT infrastructure security, business continuity, and NIS2 Compliance

Storage array cluster across two locations

One of the most effective ways to secure business continuity is to build a storage array cluster stretched across two independent locations, such as two data centers. Data centers are key locations for data storage and form the foundation for Disaster Recovery procedures and redundancy.

This type of architecture makes it possible to maintain data availability even in the event of a serious failure at one site, caused by a power outage, flood, fire, theft, or infrastructure damage.

In active-active configurations, both locations can handle production workloads simultaneously. If a problem occurs at one site, the system automatically redirects traffic to the other location, minimizing RTO and eliminating the need for manual administrative actions.

A load balancer plays a key role here in optimizing availability and performance by automatically distributing network traffic and redirecting it in the event of a server failure.

This architecture is a strong argument in the context of NIS2, as it makes it possible to demonstrate the technical ability to maintain critical services even during a serious incident in one of the data centers. High-availability clusters often use virtual machines that work together with servers to ensure data synchronization and service continuity.

When designing this type of architecture, particular attention should be paid to the proper configuration of wired and wireless networks, as correct configuration has a direct impact on security and service availability for end users. Networks are a key element that requires monitoring and protection at every stage of IT infrastructure operation.

In summary, a storage array cluster is an important element of IT infrastructure, ensuring high availability and data security.

Synchronous and asynchronous replication 

Data replication between storage arrays is one of the foundations of a business continuity strategy. In synchronous mode, data is written to the primary and secondary storage arrays simultaneously, which makes it possible to achieve virtually zero RPO — data in both locations remains consistent at all times.

However, this requires low latency and high link bandwidth, which is why synchronous replication is usually used over relatively short distances. Choosing the right type of replication should be part of broader security and business continuity strategies, taking into account the specifics of the infrastructure and the organization’s requirements.

Asynchronous replication allows for greater distances and more flexible replication windows, but at the cost of accepting some potential data loss in the event of a failure, meaning RPO greater than zero.

From the perspective of ransomware attacks, the time gap between the state of data on the primary storage array and the copy on the secondary array can sometimes be beneficial. In extreme scenarios, it may enable the organization to restore the environment from a point in time before the data was encrypted — before malicious changes are fully replicated.

Preventive measures, such as regular backup testing, implementation of security policies, and employee training, are essential to minimize the risk of data loss as a result of incidents.

When designing an architecture aligned with NIS2, it is important to consciously define RTO and RPO and select the appropriate type of replication for specific systems. Financial systems, supporting applications, and test environments may each have very different requirements.

It is also good practice to document and test failover procedures to the secondary environment, as this directly supports NIS2 obligations related to business continuity. Incident response and the identification of key risks associated with replication — such as hardware failures, human errors, or cyberattacks — should be an integral part of the organization’s security policy.

Requirements may vary significantly between systems, which is why the replication architecture should be flexible and adapted to the specifics of the environment. Technical and organizational limitations, such as resource availability, budget, and regulatory compliance, should also be taken into account, as they may affect the selection and implementation of replication solutions.

In other words, a properly selected storage array replication strategy is a key element of effective data protection and IT infrastructure security.

Immutable snapshots as protection against data loss

Snapshots have been a standard data protection mechanism for years, enabling organizations to quickly return to a specific point in time. However, with the growing scale of ransomware attacks, immutable snapshots are becoming increasingly important. These are often based on WORM mechanisms, or Write Once, Read Many.

It is worth emphasizing that the effectiveness of snapshots depends on following proper snapshot retention principles and implementing strong access authorization mechanisms, which reduce the risk of unauthorized changes or deletion of snapshots.

Immutable snapshots are snapshots that cannot be deleted or modified for a defined period of time — even by users with administrative privileges. In practice, this means that even if an attacker gains access to an administrator account and attempts to delete backups or snapshots before encrypting production data, WORM-protected snapshots remain intact until their retention period expires.

Snapshot encryption provides an additional layer of protection, securing data against unauthorized access and information leakage.

An administrator can define a schedule for creating such snapshots — for example, every hour or every few hours — as well as their retention period. When flash storage is used, data recovery from a snapshot is usually very fast, which significantly reduces RTO and enables a quick return to the pre-attack state.

Machine learning and artificial intelligence are also increasingly used to automatically detect malware, enabling faster threat response and minimizing the impact of an attack.

Of course, this solution is not a backup and should not be treated as one. However, it provides a highly effective layer of short-term protection, especially when combined with replication and traditional backup copies.

Importantly, the use of immutable snapshots is aligned with ransomware resilience best practices and is increasingly indicated as a required or recommended element in highly regulated environments. For organizations covered by NIS2, this can be an important way to demonstrate that implemented technical measures effectively reduce the risk of losing data integrity and availability.

Snapshots also play an important role in the broader scope of cybersecurity, supporting comprehensive IT infrastructure protection against modern threats.

Integration with backup and DR plans in the context of data recovery

Storage arrays usually do not operate in isolation. They are integrated with backup systems, as well as with tools for orchestrating recovery after a failure, known as Disaster Recovery.

NIS2 emphasizes the need for multi-layered data protection, including regular backups stored in a way that is resistant to modification and failure. Modern solutions and technologies, such as automation, cloud services, and artificial intelligence, support backup and DR, improving both security and the efficiency of data protection processes.

A well-designed architecture therefore combines storage-level snapshots, replication to a secondary location, and backup to an independent environment — often with an additional WORM layer in the backup repository.

Proper configuration of wired and wireless networks is also essential, as is the use of load balancers to optimize backup traffic distribution and the selection of the right data center location. These factors affect the reliability and security of the entire solution.

This model significantly increases the chances of fast and effective data recovery, even in the case of complex incidents, which is crucial from the perspective of business continuity required by NIS2.

In the event of data recovery after a failure, cooperation with business partners is also important in order to ensure the security of the entire supply chain and uninterrupted access to data for end users.

As a result, backup and DR solutions help guarantee high availability of resources even after serious incidents.

Business benefits of choosing the right storage array in the context of NIS2 

Investing in a properly selected storage array and the related data protection architecture is not only an infrastructure project. It is an element of risk management strategy and digital resilience building across the organization.

By choosing the best solutions available on the market, an organization can gain a broad range of business benefits, covering both security and operational efficiency. Reducing downtime of critical systems directly translates into lower financial losses, continuity of customer service, and reputation protection.

Meeting NIS2 requirements in the areas of business continuity and data protection also helps minimize the risk of administrative penalties and negative audit results from supervisory authorities.

At the same time, the organization gains an opportunity to structure processes related to risk management, DR planning, and cooperation with ICT service providers. It is also worth identifying the main threats to IT infrastructure and emphasizing the role of employees and their responsibility in effective risk management. Training, communication, and awareness-building are key in this area.

From the perspective of management boards and those responsible for security, the key point is that well-designed storage infrastructure — based on enterprise-class storage arrays, a proven manufacturer, and an experienced implementation provider — becomes a foundation for executing a security strategy, not merely an IT maintenance cost.

Compliance with security principles is also an important element of effective protection, as it helps build a culture of responsibility within the organization.

In addition, cybersecurity is becoming a source of competitive advantage, while investments in this area make it easier to justify budgets for modernization and infrastructure expansion projects. They show a direct connection between technology investments, regulatory requirements, and business resilience.

In a world where cybersecurity incidents are a matter of “when”, not “if”, storage arrays play the role of one of the most important elements in building digital resilience in line with NIS2. They give organizations a real ability to protect, restore, and maintain the availability of their most valuable asset — organizational data.