The Most Secure Data Storage on the Market


Terastation in front of a red and black honeycomb background

To curb the rising threat of cyberattacks, ransomware, and industrial espionage, modern enterprises large and small now need reliable and secure data storage in place in order to protect their essential business data as well as sensitive customer data. The boost in file security is especially essential for selective industries such as healthcare, where new regulations now mandate strict data security measures with regards to private user data.

Many small- and medium sized organizations use network attached storage (NAS) devices to store, back up and share data. Buffalo, a leading manufacturer of NAS solutions, has always recognized that data protection is of the utmost priority for any business. Buffalo combines robust file security technologies such as AES encryption and anti-theft innovations such as boot authentication to bring you the most secure data storage solutions on the market.

Closed System

Closed System - One of the most significant features to highlight is that Buffalo NAS systems are closed and not even the system administrator has root rights. Most competitors’ devices allow third party apps to be installed via an app store, Which is a possible vector for malware, spyware, and other viruses. The TeraStation only allows connections to available network services, which you can still limit to the ones you really need and use by enabling/disabling them per LAN port and service thus minimizing the risks further.

Secure Set Up

Secure Set-up - Security starts with the setup. Buffalo has always allowed for local setup with TeraStation. It is not necessary to have an internet connection for the setup or to create an account (as with other vendors).

Anti Theft Features

Anti-Theft Features

Software Protection: Boot Authentication (TS3010, 5010, & 6000 Series) - When the TeraStation unit boots up, it can be configured to require a boot authentication process by linking it over a local network or VPN with a Windows server or PC with the boot authentication management tool installed. If the server is not present or the unit is not registered to the authentication management tool, the Terastation will not boot and the data cannot be read, preventing a stolen unit from being readable in any circumstance. This will prevent the unauthorized boot-up or reset of a stolen TS device. With the boot authentication management tool installed on a Windows PC, you can manage multiple TS units, resulting in speedier trouble shooting. Boot Authentication leverages 256-bit AES encryption to ensure strong security.

The “Reset button” can be disabled (also on older models without Boot Authentication), which ensures that the unit cannot be used when removed without permission.

Physical Theft-Protection - All TeraStation units (desktop and rackmount) feature Kensington lock compatibility. In addition, the desktop versions have lockable doors that prevent the disks from being taken out of the unit without the key.

Data Encryption

Data Encryption

Disk Encryption: TeraStation offers the option to encrypt the drives with AES 256-bit strong encryption. Therefore, even when HDDs are taken out of the unit, they cannot be read by PC or on other TeraStation units. 

Encrypted data transfer: When accessing the TeraStation via remote management or WebAccess the connection can be established by using HTTPS, which guarantees encrypted data transfer. In addition all TeraStations support SFTP (SSH File Transfer Protocol), which enables secure file transfer capabilities between networked hosts.


Passwords - TeraStation management requires an administrator password, and file access can be password restricted as well. The TS3010 and TS5010 series also support Access Control List (ACL) for subfolders and individual files. Compared to simple access right control, ACL enables very finetuned management of who can access what. Backup and replication passwords prevent a secondary NAS of seeing or using the TeraStation for any backup or replication purpose.

Anti Virus

Anti-Virus* - By turning on the virus scan feature, virus spreading over the network is prevented. In case a vulnerable PC gets connected to the network and sends virus-infected data onto the TeraStation, the virus gets automatically detected by the TeraStation and quarantined to a segregated folder and prevents the infection to other clients.

* TS3010 & TS5010, sold separately

Backup, replication, failover and encryption

Backup, replication, failover and encryption - While a backup is not exactly a security feature, it is a measure to protect yourself from data loss in case of a defect or attack on your system and essential for any business or private user. TeraStations offer plenty of options to secure your data in a safe way – backup (via USB or network), replication, encrypted replication, backup or replication via Rsync with SSH (encrypted file transfer), failover, cloud backup. 


Snapshots are the perfect complement to your secure backup strategy by providing a hassle-free, short-term backup and restore method. A snapshot essentially creates a copy of the system data at a given point in time; when needed, you can use a snapshot to revert data to the state when the snapshot was taken. Snapshots can be easily created and restored from during normal business operation, without any downtimes or system disruption. Snapshots can also help you combat ransomware - in the event malware encrypts your files, snapshots can help save the day by allowing you to immediately recover those files to an earlier point in time, before the infection, effectively saving you the time and money to have to perform a full restore. Snapshot is only available on TS6000.

Would you like to learn more about our solutions? Join our email list! Benefits include:

  • First access to free webinars and giveaways
  • Invitations to special events
  • Updates and information on our products