New Standard Brings Certainty to the Process of Proper Eradication of Data

A wide variety of data types are recorded on a range of data storage technologies, and businesses need to ensure data residing on data storage devices and media are disposed of in a way that ensures compliance through verification of data eradication.

When media are repurposed or retired from use, the stored data often must be eliminated (sanitized) to avoid potential data breaches. Depending on the storage technology, specific methods must be employed to ensure that the data is eradicated on the logical/virtual storage and media-aligned storage in a verifiable manner.

Existing published standards such as NIST SP 800-88 Revision 1 (Media Sanitization) and ISO/IEC 27040:2015 (Information technology – Security techniques – Storage security) provide guidance on sanitization, covering storage technologies from the last decade, but have not kept pace with current technology or legislative requirements.

New standard makes conformance clearer

Standards Watch: Storage Security Update

The world of storage security standards continues to evolve. In fact, it can be hard to keep up with all that’s happening. Here’s a quick recap of SNIA’s involvement and impact on some notable storage security work – past, present and future.

The Storage Security ISO/IEC 27040 standard provides security techniques and detailed technical guidance on how organizations can define an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation, and implementation of data storage security. SNIA has been a key industry advocate of this standard by providing many of the concepts and best practices dating back to 2006. Recently, the SNIA Storage Security Technical Work Group (TWG) authored a series of white papers that explored a range of topics covered by the ISO/IEC 27040 standard. 

Addressing Cloud Security Threats with Standards

In a recent SNIA webinar, Cloud Standards: What They Are, Why You Should Care, the SNIA Cloud Storage Technologies Initiative (CSTI) highlighted some of the key cloud computing standards being developed and published by the ISO/IEC JTC 1/SC 38 (Cloud Computing and Distributed Platforms) and SC 27 (Information security, cybersecurity and privacy protection) standards committees. While ISO and IEC are not the only organizations producing cloud computing standards and specifications (e.g., ITU-T, OASIS, NIST, ENISA, SNIA, etc.), their standards, sometimes developed jointly with ITU-T, can play a role in addressing WTO Agreement on Technical Barriers to Trade (TBT) issues. More importantly, they provide a baseline of cloud terminology, concepts, guidance/requirements, and expectations that are recognized internationally.