Guidance and Best Practices

The SNIA security activities (Security Technical Work Group and Storage Security Industry Forum) recognized very early that storage-centric security guidance was needed for use by practitioners, IT architects, IT managers, and corporate executives (CIOs and CSOs, in particular).  We are pleased to present these documents to assist you in your storage security activities:

Best Current Practices

The Storage Security Best Current Practices (BCPs) provide broad guidance to organizations seeking to secure their individual storage systems as well as their storage ecosystems. By focusing on best practices rather than a more minimalist set of requirements, organizations have flexibility in how they implement this guidance - as specific technology areas or in a phased approach, and so on.

This vendor neutral guidance has a broad scope, covering both storage systems and the entire storage ecosystems. Storage security BCPs have been grouped into core BCPs and technology-specific BCPs. The core BCPs are applied to all storage systems and ecosystems. The technology-specific BCPs are above and beyond the core BCPs and more than one of these BCPs may be applicable in a given environment. Click here to download your copy.

SSIF Solutions Guide to Data-at-Rest

This new Guide addresses concerns that have arisen with the recent focus on data privacy, integrity, availability, and liability.  It provides some baseline considerations and guidance into some of the factors you should consider when evaluating storage security technologies and solutions, including evaluation of the current processes and security controls in place,  Also featured is an overview of solutions provided by SSIF members Brocade, IBM, nCipher, NetApp, Seagate, and Wave Systems to mitigate the threat of loss of physical control of storage media. Click here to download your copy.

Storage Security Professionals Guide

Learn about a storage security professional career in the Storage Security Professionals Guide,  which describes the skills and knowledge of a competent storage security professional who is engaged in activities necessary to secure the average enterprise's storage ecosystems. Click here to download your copy.