A Q&A on Protecting Data-at-Rest

July 28, 2020July 28, 2020 Steve Vanderlinden

One of the most important aspects of security is how to protect the data that is just “sitting there” called data-at-rest. There are many requirements for securing data-at-rest and they were discussed in detail at our SNIA Networking Storage Forum (NSF) webcast Storage Networking Security: Protecting Data-at-Rest. If you missed the live event, you can watch it on-demand and access the presentation slides here. As we promised during the webcast, here are our experts’ answers to the questions from this presentation: Q. If data is encrypted at rest, is it still vulnerable to ransomware attacks? A. Yes, encrypted data is still vulnerable to ransomware attacks as the attack would simply re-encrypt the encrypted data with a key known only to the attacker. Q. The data at rest is best implemented at the storage device. The Media Encryption Key (MEK) is located in the devices per the Trusted Computing Group (TCG) spec. NIST requires the MEK to be sanitized before decommissioning the devices. But devices do fail, because of a 3-5 year life span. Would it be better to manage the MEK in the Key Management System (KMS) or Hardware Security Module (HSM) in cloud/enterprise storage? Read More

Storage Networking Security Series: Protecting Data at Rest

March 13, 2020April 16, 2020 Steve Vanderlinden

Contrary to popular belief, securing “data at rest” does not simply mean encrypting the data prior to storage. While it is true that data encryption plays a major role in securing “data at rest,” there are several other factors that come into play and are as important as encryption. It’s the next topic the SNIA Networking Storage Forum (NSF) will cover in our Storage Networking Security Series. On April 29, 2020, we will host a live webcast, “Storage Networking Security Series: Protecting Data at Rest,” where we will cover the end-to-end process of securing “data at rest,” and discuss all the factors and trade-offs that must be considered, and some of the general risks that need to be mitigated. As this series shows, there are many places along the chain where a weak link can break the entire process. One of the key aspects of keeping data secure – and probably the place where most people think of security – is what happens when the data is “at rest,” or being stored in some sort of stable media. Read More

A Q&A to Better Understand Storage Security

November 1, 2019November 1, 2019 Steve Vanderlinden

Truly understanding storage security issues is no small task, but the SNIA Networking Storage Forum (NSF) is taking that task on in our Storage Networking Security Webcast Series. Earlier this month, we hosted the first in this series, “Understanding Storage Security and Threats” where my SNIA colleagues and I examined the big picture of storage security, relevant terminology and key concepts. If you missed the live event, you can watch it on-demand. Our audience asked some great questions during the live event. Here are answers to them all. Q. If I just deploy self-encrypting drives, doesn’t that take care of all my security concerns? Read More