What is Storage Security?

Storage security is a specialty area of security that is concerned with securing data storage systems and ecosystems and the data that resides on these systems. Storage security represents the convergence of the storage, networking, and security disciplines, technologies, and methodologies for the purpose of protecting and securing digital assets.

Storage security is mainly focused on the physical, technical and administrative controls, as well as the preventive, detective and corrective controls associated with storage systems and infrastructure.

Ensuring adequate confidentiality, integrity, and availability of data stored and accessed on current and emerging storage technologies requires a concerted effort within this layer of ICT (Information and communications technology). Many security efforts will focus on:

  • Protecting storage management (operations and interfaces), data backup and recovery resources
  • Ensuring adequate credential and trust management
  • Data in motion, rest, and availability protection
  • Disaster recovery and Business continuity support
  • Proper sanitization and disposal
  • Secure autonomous data movement and secure multi-tenancy

Storage Security Risk

Storage security risk is created by an organization’s use of specific storage systems or infrastructures. Storage security risk arises from threats targeting the information handled by the storage systems and infrastructure, vulnerabilities (both technical and non-technical) and the impact of successful exploitation of vulnerabilities by threats.

Risk management is a key concept in information security and its process can be applied to the organization as a whole, any discrete part of the organization (e.g. a department, a physical location, a service), any information system, existing or planned or particular aspects of control (e.g. Business Continuity planning). This process consists of context establishment, risk assessment, risk treatment, risk acceptance, risk communication, and risk monitoring and review.

Threats for storage systems and infrastructure include things like:

  • Unauthorized usage and access
  • Liability due to regulatory non-compliance
  • Corruption, modification, and destruction of data
  • Data leakage and/or breaches
  • Theft or accidental loss of media
  • Malware attack 
  • Improper treatment or sanitization after end-of-use

These threats can give rise to a wide assortment of risks. However, for storage systems and infrastructure the risks associated with data breaches, data corruption or destruction, temporary or permanent loss of access/availability, and failure to meet statutory, regulatory, or legal requirements are the major concerns.

Data Breaches

A data breach can be one of the results of a security compromise and it can take many forms. Unauthorized access or disclosure of protected information are two commonly recognized forms of data breaches, but it is important to understand that lesser known forms can include accidental or unlawful destruction, loss, or alteration of data.

Depending on the volume and type of information involved (e.g., personally identifiable information, protected health information, etc.) and the applicable laws and regulations, a data breach can expose the organization to significant risk arising from costs involved in investigating the data breach, making requisite notifications to affected individuals, litigation expenses, regulatory fines and other legal penalties as well as brand damage accruing from the public disclosure of the data breach.

There are economic and security risks to the entity that has lost their or others’ secured information.  Untrusted or unauthorized entities seeking this leaked or spilled information can be of a broad range of sources, be well funded and have diverse motivations.

About SNIA's Security Technical Work

The SNIA Storage Security team is focused on defining methods of increasing the security, privacy, and data protection of information.  This includes information residing within storage ecosystems, information transiting through storage ecosystems, and information related to the management of those storage ecosystems.

SNIA participates in the development of important International Standards and works closely with the leading security-focused industry organizations. Areas of work include:

  • General storage security
  • Security for SNIA Architectures & Specifications
  • Securing storage ecosystems
  • Information retention, preservation & discovery
  • Privacy and data protection regulations

Learn more about Storage Security in our Educational Library