Security

 

Material on this page is intended solely for the purpose of content review by SNIA members. Tutorial material may be read and commented upon by any SNIA member, but may not be saved, printed, or otherwise copied, nor may it be shared with non-members of the SNIA. Tutorial managers are responsible for responding to all comments made during the open review period. No responses will be given to comments made outside the open review period.

The Abstracts

Trusted Computing for the Consumer
Dr. Michael Willett

State, Federal, and international legislation mandate the use of strong security measures to protect confidential and personal information. Businesses and governments react through due diligence by implementing security best practices. In fact, being secure in their management of information provides a competitive advantage and enhances the trust that consumers of products and services have in business/government.

The modern consumer also manages confidential and personal data, as well as sensitive applications. Net: The consumer, especially in this highly interconnected world, requires equivalent security best practices. The difference is the broad range of technical expertise in the consumer population (all of us!).

The security functionality must be:
- Easy to use
- Transparent
- Robust
- Inexpensive

It must also be a natural part of the computing infrastructure. Enter: Trusted computing, as defined and standardized by the Trusted Computing Group (TCG). The tenets of the TCG include robust security functions in hardware, transparency, and integration into the computing infrastructure: a perfect match with the consumer requirements.

The TCG, an industry consortium with a broad industry, government, and international membership, has developed technical specifications for a number of trusted elements. Included are specifications for integrated platform security, network client security and trust, mobile device security, and trusted storage; all key components of the consumer computing experience.

For example, the storage specifications define the concept of Self-Encrypting Drives (SED). SEDs integrate the encryption into the drive hardware electronics, transparently encrypting all data that is written to the drive, with no loss in drive performance. The SED protects against loss or theft, whether of a laptop or a data center drive. And both business professionals and rank-and-file consumers lose a significant number of laptops, according to the FBI. The robust protection afforded the consumer is transparent, inexpensive, and easy to use.

Combining the performance, longevity, quietness, and ruggedness of a solid-state drive (SSD) with the SED function equips the consumer with a winning combination, all integrated into the infrastructure.

Learning Objectives

  • Overview of the security challenges facing the consumer
  • Introduction to the tenets of the Trusted Computing Group, especially the integration of security into the computing infrastructure
  • Description of the TCG/SED technology, as a relevant example of trusted computing

Securing File Data in a Distributed or Mobile World
Chris Winter

When an organization has a distributed or mobile workforce, or requires executives or key personnel to work from home, securing business-critical data becomes especially problematic. In most cases today, responsibility for the security of the file data is left up to the individual end user. Theft or even the borrowing of the mobile device leaves critical file data exposed. The rapid growth of BYOD (Bring Your Own Device) brings cost savings and efficiency for organizations but also a greater risk of security breaches. Today, no control or reporting of use of critical data on mobile devices is possible, and this creates regulatory problems.

Learning Objectives

  • Attendees will be able to identify the problems and issues with securing file data.
  • Attendees will be able to show how critical file data can be secured with encryption in a way that allows simple yet secure access to authenticated users.
  • Attendees will be able to show how all this can be done while maintaining regulatory oversight, access control, and a secure audit trail.

Reforming EU Data Protections…No Ordinary Sequel
Eric Hibbard

After reviewing the diverging data protection legislation in the EU member states, the European Commission (EC) decided that this situation would impede the free flow of data within the EU zone. The EC response was to undertake an effort to "harmonize" the data protection regulations, and it started the process by proposing a new data protection framework. This proposal includes some significant changes, such as defining a data breach to include data destruction, adding the right to be forgotten, adopting the U.S. practice of breach notifications, and many other new elements. Another major change is a shift from a directive to a rule, which means the protections are the same for all 27 countries and include significant financial penalties for infractions. This session explores the new EU data protection legislation and highlights the elements that could have significant impacts on data handling practices.

Learning Objectives

  • General introduction to the new EU data protection legislation
  • Understand the potential impacts the new data protection rules could have on storage