Storage Security: The SNIA Technical Tutorial

Storage network security is a relatively new subject, but one that is rapidly gaining in importance in the minds of both users and product developers. This increase is born of a general realization of the increasing importance and value of the information held in on-line systems, and of the separation of processing and storage functions enabled by the development of storage area networks (SANs). Information security is, of course, not a new subject. A brief introduction to the history of cryptography and other techniques for securing communication will be presented in this booklet. But while storage network security seeks to learn from the application of similar techniques to communications security in general, and to network security in particular, it has some unique requirements that will necessitate the development of new and specialized techniques. Though the development of such techniques is in its infancy, this booklet will summarize the current state of the art. This booklet was conceived as an educational resource for the members of the Storage Networking Industry Association (SNIA), and other designers, product strategists, and developers within the storage and SAN industries. SNIA’s mission is “to ensure that storage networks become efficient, complete, and trusted solutions across the IT community.” Clearly, that mission cannot be achieved unless the SNIA membership is able to employ the best technologies, techniques, and practices to create storage networking products. Therefore, an important part of SNIA’s mission is the education of its members, and this booklet forms one part of many initiatives in this area. The intended audience of this booklet includes people who are storage literate, but not necessarily security literate. Thus, although this booklet provides an introduction to a number of security techniques, it is not a storage network primer.

Table of Contents

1. Introduction
2. Definition of Terminology
3. A Brief History of Cryptography
4. Standard Security Tools and Approaches
5. Storage System Risk Assessment
6. Current SAN Security Tools and Practices
7. Future Security Tools
8. Summary
9. Appendix A Referenced Standards
10. Appendix B Recommended Bibliography

To read the PDF formatted document, click here.

To obtain permission(s) to use material from this work, please submit a written request to SNIA, Permissions Department, 4410 ArrowsWest Drive, Colorado Springs, CO 80907-3444. For information regarding permissions, call (719) 694-1380.

Photography, illustration, and text incorporated into SNIA printed publications are copyright protected by SNIA or other owners and/or representatives. Downloading, screen capturing or copying these items in any manner for any use other than personally viewing the original document in its entirety is prohibited.

Notice to Government End Users: SNIA software and documentation are provided with
restricted rights. Use, duplication or disclosure by the Government is subject to the restrictions set forth in FAR 52.227-19 and subparagraph (c)(1)(ii) of Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.