The Abstracts

Introduction to Storage Security
Eric Hibbard

As society becomes more dependent on IT and digital assets, the social impact of the failure of IT resources ceases to be an inconvenience and begins to take on the character of a disaster. Few other elements of the IT infrastructure have a more important relationship with data than that of storage systems. They may also be the last line of defense against an adversary, but only if storage managers and administrators invest the time and effort to implement and activate the available storage security controls.

This session covers the storage security fundamentals. It starts by providing information on the types of data that should be protected along with the drivers for this protection. Next, it summarizes important information assurance and security concepts, with a particular emphasis on risk. It continues with a characterization of storage security and concludes with practical guidance on starting a storage security program.

Learning Objectives

• General introduction to storage security concepts
• Practical tips on ways to utilize storage security mechanisms

Self-encrypting Storage: Comparing Alternatives
Michael Willett

Data security is top of mind for most businesses trying to respond to the constant barrage of news highlighting data theft and security breaches. Combined with litigation risks, compliance issues and pending legislation, companies face a myriad of technology and products that all claim to protect data at rest. The disk drive industry has launched innovative, simple and powerful technology intended to secure data where it lives – in the disk drive. This tutorial will give storage users and managers a look at emerging drive-level encryption technology for laptops, PCs, and data centers that provides a secure storage foundation and compare that technology with alternative storage encryption methods, including: host-based, appliance, network fabric, and controller-based.

Learning Objectives

• High-level understanding of the various methods for encrypting storage, including self-encryption
• Critical and unbiased comparison of the alternative storage encryption methods
• Ability to identify and use business and I.T. requirements to select the appropriate storage encryption method(s)

Introduction to Key Management for Secure Storage
Walt Hubis

As secure storage becomes more pervasive throughout the enterprise, the focus quickly moves from implementing encrypting storage devices to establishing effective key management policies. Without the proper generation, distribution, storage, and recovery of key material, valuable data will eventually be compromised. Worse, without proper management of key information, data can be completely lost.

This session explores the fundamental issues and technologies that impact key management for disk, tape, array, and other storage devices. Major issues associated with symmetric encryption keys are presented, along with practical advice on effective key management issues and practices.

Learning Objectives

• Become familiar with basic cryptographic key terminology.
• Understand common cryptographic key threats, protection mechanisms, and implementations.
• Understand what key management methods are currently being used and the standards organizations addressing these methods.

An Inside Look at Imminent Key Management Standards
Matthew Ball

This session provides storage managers and planners an inside look at the expected timing of publishing emerging key management standards, as well as the direction that these standards have taken and the technologies they use. Attendees will learn about existing standards, including OASIS KMIP and IEEE P1619.3, and the implications of the minimum requirements for compliance with each. For example, the first draft of OASIS KMIP provides a good basic set of key management objects and operations, but leaves out some of the trickier aspects, such as enrollment and discovery. IEEE P1619.3 intends to augment OASIS KMIP by adding support for these features, among others. In conclusion, this tutorial will provide storage planners with an ability to understand what they might expect of key management solutions in the future as well as provide food for thought as they implement key management solutions today.

Learning Objectives

• Discover the background of existing key management standards, including OASIS KMIP and IEEE P1619.3
• Learn the enabling technologies behind these key management standards
• Apply these standards to integration with existing systems or creation of new systems

Legal Issues Relevant to Storage
Eric Hibbard

Many organizations face the challenge of implementing protection and data security measures necessary to comply with a wide range of regulatory, statutory, and other legal requirements. Because storage systems (actually the data they contain) play an important part in many of these issues, storage managers and administrators may be asked to assist in supporting a variety of legal actions as well as help their organizations guard against data transgressions having legal consequences. Thus, they need to be capable of taking abstract regulatory, statutory and other legal requirements and translating them into implementable solutions. In addition, they must be able to partner with the legal community to ensure these solutions address the organization’s compliance requirements and that the support is timely and responsive.

This session describes the legal issues storage security professionals are likely to encounter as part of their role as the focal point for securing storage systems.

Learning Objectives

• General introduction to the relevant legal issues
• Understand how these legal issues impact storage
• Practical tips on ways to deal with some of the more pressing legal issues

How E-Discovery Will Affect Your Life as a Professional
David Stevens

Mention the term E-Discovery to a storage professional and watch their reaction. They may run away and hide. Storage professionals today face the daunting task of being able to quickly know where every email, Word document and database file lives and how to get it back in a hurry in the event of a catastrophe. With the recent update to the Federal Rules of Civil Procedure (FRCP), a storage professional now has even more pressure to potentially know the content inside those files.

• This session helps the storage professional understand the new Federal Rules of Civil Procedure (FRCP) that were recently updated.
• We will also look at an e-discovery request from the perspective of a storage professional.
• Finally, we will provide some recommendations on how to prepare for an e-discovery request.

Cloud Storage Security Introduction
Gordon Arnold

The introduction of computing and data services in a virtualized and service provider context exposes the customer's information to a new set of threats and vulnerabilities. This session provides an introduction to those threats and the techniques available to mitigate them.

Learning Objectives

• What threats are there to the privacy and accuracy of my data in a cloud implementation?
• How should I approach using cloud services in the light of security concerns?
• What techniques are available to protect my information in the cloud, and what is practical when using the cloud?

Cloud Storage Securing CDMI
Eric Hibbard

With SNIA’s publication of the Cloud Data Management Interface (CDMI) specification, cloud storage implementations can now offer a standard set of features and capabilities. Security is part of this feature set and some believe that it is a make-or-break element of cloud storage, and cloud computing in general.

This session will give an overview of the security of the new CDMI standard, which includes protective measures employed in the management and access of data and storage. These measures span transport security, authentication, authorization and access controls, data integrity, sanitization, data retention, protections against malware, data at-rest encryption, and security capability queries.

Learning Objectives

• Understand which security issues are considered critical to cloud storage
• Basic knowledge of the SNIA CDMI security capabilities
• General guidelines for exploiting the security features of CDMI