SNIA Tutorial: Storage Security - The ISO/IEC Standard
Job title: CTO Security & Privacy
Company/Organization: Hitachi Data Systems
The new ISO/IEC 27040 "Storage security" project seeks to provide detailed technical guidance on the protection (security) of information where it is stored and to the security of the information being transferred across the communication links; it includes the security of devices and media, the security of management activities related to the devices and media, the security of applications and services, and security relevant to end-users This session introduces the new draft standard, highlights key elements of the guidance, and describes how it can be leveraged by an organization (RFPs, policy, skills, etc.).
Introduction of computing and data services in a cloud service provider context exposes the customer's information to a new set of threats and vulnerabilities. This session provides an introduction to those threats and what techniques are available to mitigate the threats.
This presentation will discuss industry best practices around encryption and key management, look at how various existing solutions fare on these considerations, and look at emerging solutions in this space.