Security Technical Work Group (TWG)

General Description

The Security Technical Work Group (TWG) consists of storage security subject matter experts, from the SNIA membership, who collaborate to develop technical solutions to secure storage networks and protect data for installations from the departmental level to the multi-national enterprise. The deliverables of the SNIA Security TWG are targeted toward both the storage vendors and users of storage networks and related technologies. The Security TWG provides architectures and frameworks for the establishment of information security capabilities within the storage networking industry. Additionally, it provides guidance on the application of information assurance to storage systems/ecosystems as well as on matters of compliance as it relates to data protection and security. The focus of the Security TWG is directed toward both long-term and holistic security solutions.

Charter Summary

The Security TWG charter mandates that the TWG will:

  1. define requirements for storage network security in collaboration with other interested parties;
  2. define storage network security terminology for use throughout SNIA;
  3. support other SNIA groups in creating educational materials covering security in storage networks;
  4. define architectures, interfaces, and practices that leverage existing security technologies in a storage network;
  5. create, or stimulate creation of, new information security technologies where nothing exists that meets the requirements for use in a storage network.

The above includes cryptographic protection of information itself, independent of the storage or storage network system.

Program of Work Summary

For convenience, the Security TWG program of work is divided into the following areas:

  • General Storage Security – deliverables which are related to general security, compliance, and legal issues, requirements, and technologies.
  • SNIA Architectures & Specifications – deliverables which are specific to the SNIA standardization activities, including storage management (e.g., SMI-S) and cloud storage (e.g., CDMI) activities being led in other TWGs and technical steering groups (TSGs).
  • Securing Storage Ecosystems – deliverables in the form of guidance and best practices related to securing storage infrastructures.
  • Information Retention, Preservation & Discovery – deliverables which relate to securing data for long periods of time and/or to meet evidentiary obligations.

The specific deliverables for each of the work areas change from year to year.

Resources Developed by the Security TWG

The Security TWG has developed the following publicly available resources:

  • SNIA Technical Position, TLS Specification for Storage Systems - This standards track specification identifies specific TLS 1.2 requirements and recommendations to secure the communications between storage clients and servers. This specification harmonizes and updates the TLS requirements for SMI-S 1.6 and CDMI 1.1. This specification will also be published as ISO/IEC 20648.
  • ISO/IEC 27040:2015 (Information technology - Security techniques - Storage security) - SNIA was a major participant in the development of this International Standard (published on 1/5/2015) and continues to develop material to help vendors and customers exploit its guidance.
      1. ISO/IEC JTC 1 (1/15/2015), ANSI (1/28/2015), and SNIA (2/25/2015) press releases on ISO/IEC 27040
      2. SNIA Index for ISO/IEC 27040
      3. SNIA Storage Security: Sanitization Whitepaper
      4. SNIA Storage Security: Encryption and Key Management Whitepaper
      5. SNIA Storage Security: Fibre Channel Security
      6. Just published: SNIA Storage Security: Storage Management Security
      7. Wikipedia article on ISO/IEC 27040
      8. Additional SNIA materials for ISO/IEC 27040 are under development.

Relevant Organizations

 

InterNational Committee for Information Technology Standards (INCITS)

  1. Technical Committee CS1 Cyber Security
  2. Technical Committee T11 Fibre Channel Interfaces
  3. Technical Committee T10 SCSI Storage Interfaces

ISO/IEC JTC 1/SC 27 IT Security Techniques

Trusted Computing Group (TCG)

Cloud Security Alliance (CSA)

American Bar Association (ABA), Section of Science and Technology Law