The Abstracts

Got Lawyers? They've Got Storage and ESI in the Cross-Hairs
David Stevens

Many organizations face the challenge of implementing protection and data security measures necessary to comply with a wide range of regulatory, statutory, and other legal requirements. Because storage systems (actually the data they contain) play an important part in many of these issues, storage managers and administrators may be asked to assist in supporting a variety of legal actions as well as help their organizations guard against data transgressions having legal consequences. Thus, they need to be capable of taking abstract regulatory, statutory and other legal requirements and translating them into implementable solutions. In addition, they must be able to partner with the legal community to ensure these solutions address the organization’s compliance requirements and that the support is timely and responsive. This session describes the legal issues storage security professionals are likely to encounter as part of their role as the focal point for securing storage systems.

Learning Objectives

  • General introduction to the relevant legal issues 
  • Understand how these legal issues impact storage 
  • Practical tips on ways to deal with some of the more pressing legal issues

Implementing Stored-Data Encryption
Michael Willett

Data security is top of mind for most businesses trying to respond to the constant barrage of news highlighting data theft, security breaches, and the resulting punitive costs. Combined with litigation risks, compliance issues and pending legislation, companies face a myriad of technologies and products that all claim to protect data-at-rest on storage devices. What is the right approach to encrypting stored data? The Trusted Computing Group, with the active participation of the drive industry, has standardized on the technology for self-encrypting drives (SED): the encryption is implemented directly in the drive hardware and electronics. Mature SED products are now available from all the major drive companies, for both HDD (rotating media) and SSD (solid state), and for both laptops and the data center. SEDs provide a low-cost, transparent, performance-optimized solution for stored-data encryption. SEDs do not protect data in transit, upstream of the storage system. For overall data protection, a layered encryption approach is advised. Sensitive data (e.g., as identified by specific regulations: HIPAA, PCI DSS) may require encryption outside and upstream from storage, such as in selected applications or associated with database manipulations. This tutorial will examine a ‘pyramid’ approach to encryption: selected, sensitive data encrypted at the higher logical levels, with full data encryption for all stored data provided by SEDs.

Learning Objectives

  • The mechanics of SEDs, as well as application and database-level encryption
  • The pros and cons of each encryption subsystem 
  • The overall design of a layered encryption approach

A Hype-free Stroll Through Cloud Storage Security
Subhash Sankuratripati

Cloud storage is emerging as a cloud offering that has appeal to a potentially broad set of organizations. As with other forms of cloud computing, security must be addressed as part of good governance, managing risks and common sense. The Cloud Security Alliance (CSA) guidance on cloud computing security can be used as a starting point for what some believe is a make-or-break element of cloud storage. This session will give an overview of the CSA “top threats” and describe the security aspects of the new Cloud Data Management Interface (CDMI) specification, which includes protective measures employed in the management and access of data and storage. These measures span transport security, authentication, authorization and access controls, data integrity, sanitization, data retention, protections against malware, data-at-rest encryption, and security capability queries.

Learning Objectives

  • General introduction to cloud security threats and risks 
  • Understand the security issues considered critical to cloud storage 
  • Basic knowledge of the SNIA CDMI security capabilities

Practical Secure Enterprise Storage: A Vendor Agnostic Overview
Walt Hubis

This presentation will explore the important concepts and fundamental methods of implementing secure enterprise storage using current technologies to implement a practical system. The high-level requirements that drive the implementation of secure storage for the enterprise, including legal issues, key management, current technologies available to the end user, and fiscal considerations, will be explored in detail. In addition, actual implementation examples will be provided that illustrate how these requirements are applied to actual systems implementations.

Learning Objectives

  • Understand the need and use cases for implementing secure storage. 
  • Become familiar with the technologies and terminologies used in secure storage systems. 
  • Learn to specify and to configure an effective enterprise secure storage system.