SNIA Developer Conference September 15-17, 2025 | Santa Clara, CA
Challenges and Opportunities in Storage Security
Winchester
Tue Sep 17 | 3:05pm
Abstract
Security and privacy requirements are evolving fast prompted in part by initiatives coming out of the US and the EU. In the Open Compute Project security implementations are being introduced that have silicon and firmware impacts, but that promise a more open and common approach to security. Post Quantum Compute and CNSA 2.0 are another trend that will become a requirement the ecosystem is not yet ready. SBOMs and HBOMs (Software and Hardware Bills of Materials) on the horizon.
Data sanitization and circularity are also on the forefront with groups like IEEE 2883 Standard for Sanitizing Storage. Drives capable of crypto-erase, both SED and ISE, will become standard for HDDs to meet current and future requirements.
In this talk we will share an HDD device vendor view of these new changes. Many of the new requirements already exist in the HDD ecosystem and have for some time but are implemented in a proprietary way with third party firmware audits, penetration testing, FIPS and Common Criteria validation and verifiable sanitization methods.
In summary this is a complex landscape with a myriad of standards. Security, and sustainability are not well understood at the board room level, yet they are top priorities for all companies. The industry needs to coalesce around a common strategy and approach that ensures data security while understanding the costs and resource constraints related to major changes.
Learning Objectives
Upon completion, participant will be able to understand the data security model take by datacenters today.
Upon completion, participant will be able to see a path to a more secure and sustainable datacenter security model in the future.
Upon completion, participant will be able to understand the perspectives of both storage device vendors and consumers when trying to scale and resource to meet a myriad of security requirements.
Upon completion, participant will be able to understand the importance of crypto-graphic erase, it's implementation and fundamentals.
Related Sessions
Emerging Trends in Automotive Fabrics and Data Security
The blurring of the lines between data centers and automobiles continues to grow fuzzier. This talk explores the trends in automotive fabrics tying together a wild array of sensors, displays, processors, memory, and storage. Another data center trend that may actually appear first in cars is the need for post-quantum security algorithms, preventing malicious intruders from steering our cars off bridges.
New Developments in Data Security Algorithms
Storage developers need to understand that the algorithms and protocols used for data protection are in the midst of significant changes. This is driven by increases in the size of storage devices, the complexity of large data storage systems, discoveries of weaknesses, and improvements in attacks on encryption. Storage devices are seeing changes in block encryption algorithms and in implementations of those algorithms. Post-quantum cryptographic (PQC) algorithms will improve resistance to attacks using quantum computers, and a new timeline is in effect for adoption of those algorithms. Various protocols are being updated to use the new algorithms and to manage the transition to PQC.
SPDM PQC & Authorization
DMTF’s Security Protocol and Data Model (SPDM) protocol is a widely used set of standards that enable secure communication and device authentication for platform-level security. This session will give an update on major developments by the SPDM Working Group, and where the group is going over the next year. In the past year, DMTF has released SPDM version 1.4, the first version to support CNSA 2.0 algorithms for post-quantum cryptography. This was added to the specification in a way that maintains backwards compatibility with existing deployments and enables platforms to adopt forward-looking requirements. The SPDM to Storage binding (version 1.0) was also released, enabling SPDM to secure a broad range of storage transports using a common command set. This release enables SPDM across a variety of storage protocols using a broadly compatible command set.
DMTF has also released the SPDM Authorization specification, which adds access policies on top of SPDM. The authorization specification leverages the capabilities of SPDM to bring access control, credential provisioning, and policy management to modern platforms, including support for CXL. The session will conclude with a look at the SPDM Working Group’s roadmap, including anticipated enhancements and potential new use cases.
