Sorry, you need to enable JavaScript to visit this website.

SNIA Developer Conference September 15-17, 2025 | Santa Clara, CA

Principal Engineer, SSD Standards -- Security in Storage Working Group Chair

KIOXIA -- IEEE

Paul Suhler has been active in the data storage world for nearly thirty years, working for companies which include KIOXIA, Micron, WD/HGST, and Quantum. He is a software and firmware engineer, and has managed the development of storage devices for companies such as Quantum and Adaptec. He is the chair of the IEEE Security in Storage Working Group, and has contributed to standards developed by organizations such as NVM Express, SNIA, and the INCITS SCSI (T10) and Fibre Channel (T13) committees. He served as the Deputy Director of the USC Advanced Computer Architecture Laboratory, and commanded US Army combat engineer companies in Korea and California. He holds a PhD in computer engineering from the University of Texas at Austin. He is a Life Senior Member of IEEE and a member of ACM.

Related Sessions

New Developments in Data Security Algorithms

Storage developers need to understand that the algorithms and protocols used for data protection are in the midst of significant changes. This is driven by increases in the size of storage devices, the complexity of large data storage systems, discoveries of weaknesses, and improvements in attacks on encryption. Storage devices are seeing changes in block encryption algorithms and in implementations of those algorithms. Post-quantum cryptographic (PQC) algorithms will improve resistance to attacks using quantum computers, and a new timeline is in effect for adoption of those algorithms. Various protocols are being updated to use the new algorithms and to manage the transition to PQC.

Paul Suhler
Principal Engineer, SSD Standards -- Security in Storage Working Group Chair
KIOXIA -- IEEE
Data Security

An Introduction to the IEEE Security in Storage Working Group

The IEEE Security In Storage Work Group (SISWG) produces standards that many storage developers, storage vendors, and storage system operators care about, including: a) A family of standards on sanitization: the IEEE 2883 family b) A family of standards on encryption methods for storage components: the IEEE 1619 family c) A standard on Discovery, Authentication, and Authentication in Host Attachments of Storage Devices: the IEEE 1667 specification IEEE has a different work group (IEEE P3172) focusing on post-quantum cryptography, but when they are done, a family method that recommends new quantum encryption for various storage types (e.g., block, stream) may be appropriate for SISWG’s IEEE 1619 family. IEEE has a different work group focusing on Zero Trust Security (ZTS, IEEE P2887), however an application of those principles for storage devices and systems is also within the purview of the IEEE SISWG.

Paul Suhler
Principal Engineer, SSD Standards -- Security in Storage Working Group Chair
KIOXIA -- IEEE
Data Security

Storage Sanitization - Why, When, and How

Operators of data storage systems are legally obligated to protect customer data, and can be subject to significant penalties. This presentation will explore existing and upcoming standards to show the best practices for sanitizing customer data. These standards will include IEEE 2883-2022 and ISO/IEC 27040,and will describe current work on new standards.

The audience for this presentation includes developers and users of data storage systems, as well as developers of software utilizing those systems.

Paul Suhler
Principal Engineer, SSD Standards -- Security in Storage Working Group Chair
KIOXIA -- IEEE
Data Security

Changes in Encryption and Other Security Algorithms

The IEEE Security In Storage Work Group (SISWG) produces standards used by many storage developers, storage vendors, and storage system operators. New and ongoing work includes:
* Improving security of the XTS-AES encryption algorithm used by self-encrypting storage devices.
* Guiding users in sanitizing their storage devices.
* Guiding users in sanitizing large-scale virtual and cloud storage systems.
* Coordinating with other standards organizations, such as NIST and SNIA, to improve the coherence of the standards ecosystem.

Paul Suhler
Principal Engineer, SSD Standards -- Security in Storage Working Group Chair
KIOXIA -- IEEE
General Session

Post Quantum Crypto Update

Post-quantum cryptographic (PQC) algorithms are intended to resist attacks on data and communications security by quantum computers. A variety of organizations have been defining PQC algorithms and how they are used to protect data storage. This talk will describe new and existing standards, as well as requirements for data storage products to comply with these standards in the near future.

Paul Suhler
Principal Engineer, SSD Standards -- Security in Storage Working Group Chair
KIOXIA -- IEEE

New Developments in Data Security Algorithms

Submitted by Anonymous (not verified) on

Storage developers need to understand that the algorithms and protocols used for data protection are in the midst of significant changes. This is driven by increases in the size of storage devices, the complexity of large data storage systems, discoveries of weaknesses, and improvements in attacks on encryption. Storage devices are seeing changes in block encryption algorithms and in implementations of those algorithms. Post-quantum cryptographic (PQC) algorithms will improve resistance to attacks using quantum computers, and a new timeline is in effect for adoption of those algorithms.

An Introduction to the IEEE Security in Storage Working Group

Submitted by Anonymous (not verified) on

The IEEE Security In Storage Work Group (SISWG) produces standards that many storage developers, storage vendors, and storage system operators care about, including: a) A family of standards on sanitization: the IEEE 2883 family b) A family of standards on encryption methods for storage components: the IEEE 1619 family c) A standard on Discovery, Authentication, and Authentication in Host Attachments of Storage Devices: the IEEE 1667 specification IEEE has a different work group (IEEE P3172) focusing on post-quantum cryptography, but when they are done, a family method that recommends new q

Storage Sanitization - Why, When, and How

Submitted by Anonymous (not verified) on

Operators of data storage systems are legally obligated to protect customer data, and can be subject to significant penalties. This presentation will explore existing and upcoming standards to show the best practices for sanitizing customer data. These standards will include IEEE 2883-2022 and ISO/IEC 27040,and will describe current work on new standards.

The audience for this presentation includes developers and users of data storage systems, as well as developers of software utilizing those systems.

Post Quantum Crypto Update

Submitted by Anonymous (not verified) on

Post-quantum cryptographic (PQC) algorithms are intended to resist attacks on data and communications security by quantum computers. A variety of organizations have been defining PQC algorithms and how they are used to protect data storage. This talk will describe new and existing standards, as well as requirements for data storage products to comply with these standards in the near future.

Subscribe to Paul Suhler

Follow us on X

SDC 2025 is brought to you by SNIA. SNIA is an industry association committed to its mission of worldwide leadership developing and promoting architectures, standards, education and vendor-neutral collaboration.