Category: Data Protection
Applied Cryptography Techniques and Use Cases
Ready for a Lesson on Security & Privacy Regulations?
- How privacy and security is characterized
- Data retention and deletion requirements
- Core data protection requirements of sample privacy regulations from around the globe
- The role that security plays with key privacy regulations
- Data breach implications and consequences
- Understanding Storage Security and Threats
- Securing the Data at Rest
- Storage Encryption
- Key Management
Standards Watch: Storage Security Update
The world of storage security standards continues to evolve. In fact, it can be hard to keep up with all that’s happening. Here’s a quick recap of SNIA’s involvement and impact on some notable storage security work – past, present and future.
The Storage Security ISO/IEC 27040 standard provides security techniques and detailed technical guidance on how organizations can define an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation, and implementation of data storage security. SNIA has been a key industry advocate of this standard by providing many of the concepts and best practices dating back to 2006. Recently, the SNIA Storage Security Technical Work Group (TWG) authored a series of white papers that explored a range of topics covered by the ISO/IEC 27040 standard.
Read MoreEncryption 101: Keeping Secrets Secret
- A brief history of Encryption
- Cryptography basics
- Definition of terms – Entropy, Cipher, Symmetric & Asymmetric Keys, Certificates and Digital signatures, etc.
- Introduction to Key Management
The Challenges IoT Brings to Storage and Data Strategy
Storage Networking Security Series: Protecting Data at Rest
Tracking Consumer Personal Data – A Major Headache for Data Administrators
First, it is now well understood that the CCPA* mandates strict requirements for companies to notify users about how their data will be used, along with giving customers the ability to “Opt Out” and request that their data be deleted, mirroring some of the primary aspects of the EU GDPR legislation known as the ‘right to be forgotten.’
I was reading a recent article from ThreatPost, entitled: “California’s Tough New Privacy Law and its Biggest Challenges,” and I realized that this article brought up something that I was thinking about even before the California Consumer Privacy Act (CCPA) was enacted at the beginning of this year (2020).
Read MoreIntroducing the Storage Networking Security Webcast Series
What Secure Data Deletion Means
The European Commission, Directorate-General for Internal Market, Industry, Entrepreneurship and SMEs has issued COMMISSION REGULATION (EU) 2019/424 on 15 March 2019 laying down eco-design requirements for servers and data storage products pursuant to Directive 2009/125/EC of the European Parliament and of the Council and amending Commission Regulation (EU) No 617/2013.
While the focus is energy-related requirements, embedded in this regulation is a requirement for servers and storage systems having 4-400 drives (systems with less or more are exempted) to have an ability to perform secure data deletions; this functionality is required from 1 March 2020.
“Secure data deletion” means the effective erasure of all traces of existing data from a data storage device, overwriting the data completely in such a way that access to the original data, or parts of them, becomes infeasible for a given level of effort. Read More