Category: data privacy
The Confidential Computing Webcast Series
A Q&A on Protecting Data from New COVID Threats
How COVID has Changed Data Privacy and Data Protection
Ready for a Lesson on Security & Privacy Regulations?
- How privacy and security is characterized
- Data retention and deletion requirements
- Core data protection requirements of sample privacy regulations from around the globe
- The role that security plays with key privacy regulations
- Data breach implications and consequences
- Understanding Storage Security and Threats
- Securing the Data at Rest
- Storage Encryption
- Key Management
Tracking Consumer Personal Data – A Major Headache for Data Administrators
First, it is now well understood that the CCPA* mandates strict requirements for companies to notify users about how their data will be used, along with giving customers the ability to “Opt Out” and request that their data be deleted, mirroring some of the primary aspects of the EU GDPR legislation known as the ‘right to be forgotten.’
I was reading a recent article from ThreatPost, entitled: “California’s Tough New Privacy Law and its Biggest Challenges,” and I realized that this article brought up something that I was thinking about even before the California Consumer Privacy Act (CCPA) was enacted at the beginning of this year (2020).
Read MoreSecurity Watch
Issues related to security have great importance in IT today. SNIA is participating in the creation of international standards with leading security-focused industry organizations. Here’s an update on recent activities from the SNIA Security Technical Work Group (TWG):
Transport Layer Security
- The SNIA Security TWG is keeping a keen eye on the TLS 1.3 landscape, which is starting to get interesting since the IETF approved RFC 8446 last August. TLS 1.3 is significantly different from previous versions and it is expected to have an impact on the mandatory elements for the SNIA TLS Specification for Storage and ISO/IEC 20648:2016, which are based on TLS 1.2. While TLS 1.2 is still valid and will be for some time, it is important to keep in mind that ISO standards like ISO/IEC 20648:2016 have a 5-year shelf life. SNIA plans to work on an update later this year so that a new specification is in place in 2021.
Security GDPR, SNIA and You
In April 2016, the European Union (EU) approved a new law called the General Data Protection Regulation (GDPR). This coming May 25th, however, is the start of enforcement, meaning that any out-of-compliance organization that does business in the EU could face large fines. Some companies are choosing to not conduct business in the EU as a result, including email services and online games.
The GDPR is applicable to any information classified as personal or that can be used to determine your identity, including your name, photo, email address, social media post, personal medical information, IP addresses, bank details and more. Read More
Data Security is an Integral Part of any Business Endeavor
In the wake of all the data breaches, privacy scandals, and cybercrime in the world these days, it can be worrisome if you’re responsible for keeping your company and customer data safe. Sure, there are standards to help you plan and implement policies and procedures around data security, like the ISO/IEC 27040:2015 document. It provides detailed technical guidance on how organizations can be consistent in their approach to plan, design, document and implement data storage security.
While the ISO/IEC 27040 standard is fairly thorough, there are some specific elements in the area of data protection — including data preservation, data authenticity, archival security and data disposition — that the ISO document doesn’t fully get into. The Storage Networking Industry Association (SNIA) Security Technical Working Group (TWG) has released a whitepaper that addresses these specific topics in data protection. One of a series of educational documents provided by the TWG, this one extends, builds on, and complements the ISO 27040 standard, while also suggesting best practices. Read More
Podcasts Bring the Sounds of SNIA’s Storage Developer Conference to Your Car, Boat, Train, or Plane!
SNIA’s Storage Developer Conference (SDC) offers exactly what a developer of cloud, solid state, security, analytics, or big data applications is looking for – rich technical content delivered in a no-vendor bias manner by today’s leading technologists. The 2016 SDC agenda is being compiled, but now you can get a “sound bite” of what to expect by downloading SDC podcasts via iTunes, or visiting the SDC Podcast site at http://www.snia.org/podcasts to download the accompanying slides and/or listen to the MP3 version.
Each podcast has been selected by the SNIA Technical Council from the 2015 SDC event, and include topics like:
- Preparing Applications for Persistent Memory from Hewlett Packard Enterprise
- Managing the Next Generation Memory Subsystem from Intel Corporation
- NVDIMM Cookbook – a Soup to Nuts Primer on Using NVDIMMs to Improve Your Storage Performance from AgigA Tech and Smart Modular Systems
- Standardizing Storage Intelligence and the Performance and Endurance Enhancements It Provides from Samsung Corporation
- Object Drives, a New Architectural Partitioning from Toshiba Corporation
- Shingled Magnetic Recording- the Next Generation of Storage Technology from HGST, a Western Digital Company
- SMB 3.1.1 Update from Microsoft
Eight podcasts are now available, with new ones added each week all the way up to SDC 2016 which begins September 19 at the Hyatt Regency Santa Clara. Keep checking the SDC Podcast website, and remember that registration is now open for the 2016 event at http://www.snia.org/events/storage-developer/registration. The SDC conference agenda will be up soon at the home page of http://www.storagedeveloper.org.
Enjoy these great technical sessions, no matter where you may be!