2016 DSS Summit Abstracts

Break Out Sessions and Agenda Tracks Include:

Note: This agenda is a work in progress. Check back for updates on additional sessions as well as the agenda schedule.

Keynote Speakers/General Sessions

The Changing Standard of Care for Storage

Eric Hibbard, Chair SNIA Security Technical Working Group, CTO Security and Privacy HDS

Abstract

The changing regulatory, statutory, and legal requirements for data security and privacy are imposing new standards of care on storage owners, managers, and administrators. Addressing these requirements in storage implementations can be challenging and necessitate the use of technologies and approaches that are unfamiliar to storage practitioners. The situation can be further complicated when cloud computing, big data, IoT, etc. needs must also be addressed. Understanding some of the current trends and best practices can go a long way in meeting an organization’s obligations while protecting it from data breaches or other liabilities.

This session explores some of the more pressing requirements and issues that are likely to confront storage practitioners. Many of the applicable solutions and approaches will be touched on and will be addressed in other sessions during the SNIA Data Storage Security Summit.


Internet of Things, Big Data, Storage Security and...The New Vectors for Product Liability and Class Actions

Steven Teppler, Partner, Abbott Law Group

Abstract

With 20 billion connected devices expected to be in use by 2020, the Internet of Things (IoT) has emerged as a source of both incredible versatility and incredible susceptibility to mass legal liability. Left crushed behind the rush to “market and monetize” steamroller are coding standards, security (including IoT storage security) standards, and other “future-proofing” or “future-immunizing” measures typically adopted by manufacturers to prevent or minimize the potential for product liability on a mass basis. This keynote will discuss why manufacturers, developers and vendors must gain clear understanding of how IoT devices (and services) impact large segments of the population, and further understand how to mitigate or minimize the inherent susceptibility to defects and exploits to massive legal and financial liability.


Panel: Storage & EKM: The Real Story – Q&A with KMIP Storage Vendors

Moderator: Tony Cox, Director Strategy & Alliances, Cryptsoft

Panelists:
Tim Chevalier, MTS, NetApp
Sherif Fares, Senior Security Product Manager, Hitachi Data Systems
Chuck White, CTO, Fornetix

Abstract

Representatives from a range of established KMIP conformant storage vendors answer questions from the moderators and from the audience on various aspects of encryption, standardised key management via KMIP and some of the deployment issues and opportunities brought about through enterprise key management.


Key Management and the Storage Eco-system

Tim Hudson, CTO, Cryptsoft

Abstract

Security and Storage covers a diverse range of technologies and approaches that can make it challenging to distill a workable strategy from the mix of architectures, tools, techniques, recommendations, standards and competing vendor solutions. Guidance on how to contrast the various security approaches in storage and evaluate the right mix for your specific problem domain forms the majority of the material covered in this session.


Managing Data Security for Storage of High Value Content

Robert Wann, Founder, President & CEO, Enova Technology Corporation

Abstract

As Cybersecurity shifts from the “best practice” environment to being mandated by regulations and prioritized by the high costs for data breaches, IT groups and data center operators are facing multiple challenges. One of these challenges is how to address the security of a mix of legacy storage devices, unencrypted devices, encrypted devices, new technology storage and eDrives in a single environment. Yet another challenge is how to construct a robust, trusted identity-based authentication (or role-based authentication or as a matter of coming the two) to fend off malware and Trojan infection. A system solution that can simplify the security management of mixed drives with high valued data content will be presented. The solution has at least one smart hardware interface controller that performs all security features internally while offers in-line cryptographic performance without degrading data rate.


Panel: Enterprise Key Management: The Real Story – Q&A with EKM Server Vendors

Moderator: Tony Cox, Director Bus Dev, Strategy & Alliances, Cryptsoft

Panelists:
Liz Townsend, Director of Business Development, Townsend Security
Bob Lockhart, Chief Solutions Architect - Thales e-Security
Nathan Turajski, Sr. Product Manager, HPE Security
Rick Robinson, Offering Manager, Encryption and Key Management, IBM Security

Abstract

Representatives from a range of established KMIP Key Management server vendors answer questions from the moderators and from the audience on various aspects of encryption, standardised key management via KMIP and some of the deployment issues and opportunities brought about through enterprise key management.

Track 1

Data Security in an All Flash Storage World

Ashvin Kamaraju, VP Product Development, Vormetric

Abstract

To combat more sophisticated and persistent cyber attacks and to keep data safe, IT teams have to employ robust encryption, key management, and access controls. This is especially true for information held in storage environments.



Experiences of Deploying Encryption and Key Management in Private, Public and Hybrid Cloud Environments

Steve Pate, Chief Architect, HyTrust

Abstract

Encryption is being deployed everywhere, not just for compliance reasons such as PCI and HIPAA or safe harbor, but to protect sensitive data in public cloud environments.

In hybrid cloud environments there are many challenges and choices in deploying encyption solutions and key management plays a critical role in solving these challenges.

In this presentation I share experiences over the last 10 years with how organizations have been deploying encryption and key management in virtualized and cloud environments.



Storage Security Conundrums

Eric Hibbard, CTO Security & Privacy, Hitachi Data Systems
Tim Hudson, CTO, Cryptsoft

Abstract

Securing storage ecosystems can be challenging because of the specialized technologies involved as well as limited availability of relevant information. This panel will explore some of the more subtle, but troublesome, aspect of data at-rest encryption and key management, cryptographic erase as a sanitization method, proof of encryption/sanitization, the collision of virtualization and security, etc. Participants will have a better understanding of the issues and the approaches that are being used to address them.



Storage as IoT

Tom Coughlin, President, Coughlin Associates

Abstract

Ongoing changes in computing architectures, a continued trend toward virtualization (Software Defined Storage, SaaS, PaaS, etc.), and recent questions about the security of the data on drives has led to major architectural changes in both the interface and internal implementation of secure storage devices. This presentation looks into the drivers of these changes, including recent reports of drive vulnerabilities, and describe the changes currently being driven into storage standards and devices. In particular, the parallel between embedded security in storage and IoT devices is examined to show how these technologies are beginning to converge.


Track 2

Data Valuation to Minimize Monetary Loss

Steve Todd, EMC Fellow, EMC

Abstract

Data protection algorithms that replicate data based on its value can minimize monetary loss in the case of a disaster (reference Omer/Peleg/Udi work). The value of data, however, is often input manually and enumerated into broad categories (e.g. low, medium, high). The industry would benefit from approaches that automatically calculate specific numeric scores and dynamically adjusts protection algorithms based on these more fine-grained results. This presentation (a) introduces a research program on data value, (b) proposes techniques for calculating data value and (c) discusses a framework for feeding valuation results into a data protection ecosystem.



Panel: Data Security Versus Recovery (think: Apple/FBI): Is There a Win/Win?

Moderator: Michael Willett, VP Marketing, Drive Trust Alliance

Panelists:
Robert Thibadeau, CEO, Drive Trust Alliance
Thomas Rivera, Sr. Technical Associate, HDS
Chris Bross, Chief Technology Officer, DriveSavers

Abstract

The recent impasse between Apple and the FBI made flash security part of the daily news. The FBI wanted to look at the data in a dead terrorist’s cell phone and demanded that Apple unlock the encryption. Apple refused, citing security and privacy issues and noting that governments around the world could demand drive unlocking for almost any reason. Besides, Apple noted, such a backdoor would soon be widely available.Do we refuse requests from law enforcement that could thwart terrorist attacks and save lives? Do we allow requests and end up with private data being used for blackmailing and spread around the news media? Could we then have lists of police informants, spies, or protesters against autocratic governmentsmade public, as well as sensitive corporate data? The specific solution in the Apple/FBI case raises even more questions. The FBI paid over $1 million to an unknown vendor to thwart the encryption. Who else could build or buy the same tool? In the corporate world, both security and recovery are essential tools in the arsenal of business processes. Ideally, we want harmonious co-existence. This Panel will explore the tension between security and data recovery, search for any win/win trade-offs and alternatives, and hopefully elevate the discourse above the irrational, often hysterical, level heard today; we hope! Come join a lively discussion of a fascinating issue.



Have Your Cake and Eat It Too: Searchable Encryption

Srinivasan Narayanamurthy, Member Technical Staff, NetApp

Abstract

The increasing concern over privacy of consumer, enterprise and government data stored in cloud has led to renewed interest in the 15-year-old topic of searchable encryption. Various cloud service, storage system and database designers are looking for solutions to provide end-to-end encryption on user data, yet not to lose on the value that they offer on stored data. However, the space of searchable encryption is cluttered with an array of options that are easy enough to confuse system designers.

This talk is aimed at demystifying the following cryptographic primitives that can be used to search on encrypted data: multi-party computation, oblivious RAM, searchable symmetric encryption, functional encryption, property-preserving encryption, fully-homomorphic encryption. Technical analyses that compare performance-security tradeoffs, threat/leakage modeling, etc., will also be presented.



SNIA Tutorial:
Privacy vs Data Protection: The Impact of EU Data Protection Legislation

Thomas Rivera, Sr. Technical Associate, HDS

Abstract

After reviewing the diverging data protection legislation in the EU member states, the European Commission (EC) decided that this situation would impede the free flow of data within the EU zone. The EC response was to undertake an effort to "harmonize" the data protection regulations and it started the process by proposing a new data protection framework. This proposal includes some significant changes like defining a data breach to include data destruction, adding the right to be forgotten, adopting the U.S. practice of breach notifications, and many other new elements. Another major change is a shift from a directive to a rule, which means the protections are the same for all 27 countries and includes significant financial penalties for infractions. This tutorial explores the new EU data protection legislation and highlights the elements that could have significant impacts on data handling practices.