Security

The Abstracts

Introduction to Storage

Andrew Nielsen

Many enterprises face the task of implementing data protection and data security measures to meet a wide range of requirements. We have already made you aware of the threats. You know that the risks and threats are real; it is just a matter of time before you become a statistic. The security best practices provided by the SNIA Security Technical Work Group will help you to secure the storage infrastructure and to know and manage your risks. However, what will it really take to implement a secure storage infrastructure? What upfront work is required to implement security? What is the ongoing work to ensure that the storage infrastructure is secure?

This session focuses on the efforts required at the storage layer to create a successful defense-in-depth strategy. Major threats for each of the key storage elements are explored. The session provides information on how to determine the security posture of these elements in a particular installation. However, be aware that the session leverages material contained in the SNIA-SSIF whitepaper: Introduction to Storage Security. This enables the session to expand further on these concepts.

Learning Objectives:

  • Know storage security measures in response to risk and threat
  • Apply best practices for data protection and security
  • Understand the upfront and continuing effort required to secure the storage layer

Cryptographic Use Cases and the Rationale for End-to-End Security

Larry Hofer

The variety of environments in which Fibre Channel (FC) fabrics and other technologies such as iSCSI and FCIP are deployed makes it likely that customers will have many choices for data protection in the future. Data protection solutions such as data integrity, data-at-rest, and in-flight data protection are among those choices. This tutorial surveys many use cases that identify the locations in a SAN where security may be applied and explores an end-to-end security approach.

  • Develop an understanding of various data protection alternatives, including data integrity, data-at-rest, and data in-flight and how they mitigate different threats in SANs
  • Identify numerous locations in a SAN where security technologies can be applied and the pros/cons of each alternative
  • End-to-end security is studied in depth as one common approach

A Do-It-Yourself Guide to Storage Forensics

Richard Austin

As more and more enterprise information is consolidated into storage area networks, the likelihood of storage administrators finding themselves challenged to identify, collect and preserve electronic evidence relevant to an intrusion, crime, policy violation or e-discovery request is steadily increasing. This presentation gives a whirlwind tour of the processes for collecting and preserving digital evidence and the challenges traditional forensics practitioners face in a world where servers may have no directly attached disks.

Learning Objectives

  • Understand the general requirements for information to be used in the legal process
  • Build familiarity with sound processes for identification, collection and preservation of digital evidence
  • Understand the challenges SAN-attached storage poses to the traditional practice of digital forensics

TCG Trusted Storage Specification

Michael Willett

The Trusted Computing Group (TCG) Storage WorkGroup has published formal specifications for security and trust services on storage devices, including hard drives, flash, and tape drives. The majority of hard drive and other storage device manufacturers participated. Putting security directly on the storage device avoids the vulnerabilities of platform OS-based software security. The details of the Specification will be highlighted, as well as various use cases, including Full Disk Encryption with enterprise key management.

Learning Objectives

  • Learn the high-level details of the TCG Storage Specifications
  • Learn how to program applications that exploit the security and trust services on the storage
  • Learn the variety of use cases possible with storage device-based security

ABCs of Encryption

Roger Cummings

Public disclosures of data 'indiscretions' have become regular enough and embarrassing enough that many organizations are exploring encryption options to simply stay out of the headlines. Those who have ventured into this space quickly realize that there is no 'magic crypto fairy dust' that will make the problems go completely away. However, with careful planning and judicious use of the right technologies, organizations can eliminate many of their exposures. This session focuses on the efforts required at the storage layer to create a successful encryption strategy. Major uses along with factors to consider are presented for protecting storage management, data in-flight, and data at-rest. The session provides expanded coverage on encrypting data at-rest, including key management and a step-by-step approach.

Learning Objectives

  • Identify where encryption is applied to the storage layer
  • Discuss uses and issues associated with the application of encryption, with special emphasis on data at-rest encryption prerequisites and opportunities.
  • Develop an approach for implementing data at-rest encryption.

An Introduction to Key Management for Secure Storage

Walt Hubis

As secure storage becomes more pervasive throughout the enterprise, the focus quickly moves from implementing encrypting storage devices to establishing effective key management policies. Without the proper generation, distribution, storage, and recovery of key material, valuable data will eventually be compromised. Worse, without proper management of key information, data can be completely lost.

This session explores the fundamental issues and technologies that impact key management for disk, tape, array, and other storage devices. Major issues associated with symmetric encryption keys are presented, along with practical advice on effective key management issues and practices.

Learning Objectives:

  • Acquire a basic understanding of key management technologies and issues within the storage environment.
  • Understand the basics of symmetric encryption keys with an emphasis on data-at-rest encryption.
  • Identify the best practices for key management in the storage environment.

Building a Key Management Strategy: Standards and Solutions

Bob Lockhart

Recent Taneja Group research demonstrates that the hidden problem is management of disparate key systems and that global key management is a top-of-mind issue for enterprises. As storage security devices proliferate across highly heterogeneous user environments, key management standards are multiplying as well. From PKCS#11 to P1619.3 to the various FIPS standards, it can be a challenge to understand what the standards represent and how they benefit your organization. This session, led by a recognized storage security expert, covers all of the key management standards that exist and where each fits in the scope of a comprehensive Key Management Services strategy.

Learning Objectives

  • Understand the importance of leveraging open standards for the interoperability and exchange of keys from key managers to key managers and between key manager and security endpoints
  • Implement a Global Service Network Architecture to deliver key management services to any application and any device, in any IT environment to protect business continuity when sharing sensitive information.