Abstract
Many organizations face the challenge of implementing data protection and security measures to meet a wide range of requirements, including statutory and regulatory compliance. Often the security of storage systems and infrastructure has been overlooked because of limited familiarity with storage security technologies and/or a limited understanding of the inherent risks to storage ecosystems. The net result is that digital assets are needlessly placed at risk of compromise through data breaches, intentional corruption, being held hostage, or other malicious events. Both SNIA and ISO/IEC are combating this situation by providing materials that can be used to address storage security issues. In the case of ISO/IEC, the materials are contained in a new International Standard that seeks to provide detailed technical guidance on the protection (security) of information where it is stored and on the security of information being transferred across communication links; it covers the security of devices and media, the security of management activities related to the devices and media, the security of applications and services, and security relevant to end-users. This session introduces the major storage security issues, outlines the guidance, and introduces the new draft standard.

Learning Objectives
General introduction to storage security issues
Identifies key elements of the storage security guidance
Provides an overview of the ISO/IEC 27040 standard