Where Does Cyber Insurance Fit in Your Security Strategy?

Protection against cyber threats is recognized as a necessary component of an effective risk management approach, typically based on a well-known cybersecurity framework. A growing area to further mitigate risks and provide organizations with the high level of protection they need is cyber insurance. However, it’s not as simple as buying a pre-packaged policy. In fact, it’s critical to identify what risks and conditions are excluded from a cyber insurance policy before you buy. Determining what kind of cyber insurance your business needs or if the policy you have will really cover you in the event of an incident is challenging. On August 27, 2020, the SNIA Cloud Storage Technologies Initiative (CSTI) will host a live webcast, “Does Your Storage Need a Cyber Insurance Tune-Up?” where we’ll examine how cyber insurance fits in a risk management program. We’ll identify key terms and conditions that should be understood and carefully negotiated as cyber insurance policies may not cover all types of losses.

Applied Cryptography Techniques and Use Cases

The rapid growth in infrastructure to support real time and continuous collection and sharing of data to make better business decisions has led to an age of unprecedented information storage and easy access. While collection of large amounts of data has increased knowledge and allowed improved efficiencies for business, it has also made attacks upon that information—theft, modification, or holding it for ransom—more profitable for criminals and easier to accomplish. As a result, strong cryptography is often used to protect valuable data. The SNIA Networking Storage Forum (NSF) has recently covered several specific security topics as part of our Storage Networking Security Webcast Series, including Encryption 101, Protecting Data at Rest, and Key Management 101. Now, on August 5, 2020, we are going to present Applied Cryptography. In this webcast, our SNIA experts will present an overview of cryptography techniques for the most popular and pressing use cases. We’ll discuss ways of securing data, the factors and trade-offs that must be considered, as well as some of the general risks that need to be mitigated. We’ll be looking at:

Ready for a Lesson on Security & Privacy Regulations?

Worldwide, regulations are being promulgated and aggressively enforced with the intention of protecting personal data. These regulatory actions are being taken to help mitigate exploitation of this data by cybercriminals and other opportunistic groups who have turned this into a profitable enterprise. Failure to meet these data protection requirements puts individuals at risk (e.g., identity theft, fraud, etc.), as well as subjecting organizations to significant harm (e.g., legal penalties). The SNIA Networking Storage Forum (NSF) is going to dive into this topic at our Security & Privacy Regulations webcast on July 28, 2020. We are fortunate to have experts, Eric Hibbard and Thomas Rivera, share their expertise in security standards, data protection and data privacy at this live event. This webcast will highlight common privacy principles and themes within key privacy regulations. In addition, the related cybersecurity implications will be explored. We’ll also probe a few of the recent regulations/laws to outline interesting challenges due to over- and under-specification of data protection requirements (e.g., “reasonable” security). Attendees will have a better understanding of:
  • How privacy and security are characterized
  • Data retention and deletion requirements
  • Core data protection requirements of sample privacy regulations from around the globe
  • The role that security plays with key privacy regulations
  • Data breach implications and consequences
This webcast is part of our Storage Networking Security Webcast Series. I encourage you to watch the presentations we’ve done to date on: And I hope you will register today and join us on July 28th for what is sure to be an interesting look into the history, development and impact of these regulations.   

Standards Watch: Storage Security Update

The world of storage security standards continues to evolve. In fact, it can be hard to keep up with all that’s happening. Here’s a quick recap of SNIA’s involvement and impact on some notable storage security work – past, present and future.

The Storage Security ISO/IEC 27040 standard provides security techniques and detailed technical guidance on how organizations can define an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation, and implementation of data storage security. SNIA has been a key industry advocate of this standard by providing many of the concepts and best practices dating back to 2006. Recently, the SNIA Storage Security Technical Work Group (TWG) authored a series of white papers that explored a range of topics covered by the ISO/IEC 27040 standard. 

Encryption 101: Keeping Secrets Secret

Encryption has been used through the ages to protect information, authenticate messages, communicate secretly in the open, and even to check that messages were properly transmitted and received without having been tampered with. Now, it’s our first go-to tool for making sure that data simply isn’t readable, hearable or viewable by enemy agents, smart surveillance software or other malign actors. But how does encryption actually work, and how is it managed? How do we ensure security and protection of our data, when all we can keep as secret are the keys to unlock it? How do we protect those keys; i.e., “Who will guard the guards themselves?” It’s a big topic that we’re breaking down into three sessions as part of our Storage Networking Security Webcast Series: Encryption 101, Key Management 101, and Applied Cryptography. Join us on May 20th for the first Encryption webcast: Storage Networking Security: Encryption 101 where our security experts will cover:
  • A brief history of Encryption
  • Cryptography basics
  • Definition of terms – Entropy, Cipher, Symmetric & Asymmetric Keys, Certificates and Digital signatures, etc. 
  • Introduction to Key Management
I hope you will register today to join us on May 20th. Our experts will be on-hand to answer your questions.

The Challenges IoT Brings to Storage and Data Strategy

Data generated from the Internet of Things (IoT) is increasing exponentially. More and more we are seeing compute and inference move to the edge. This is driven by the growth in capability to not only generate data from sensors, devices, and by people operating in the field, but also by the interaction between those devices. This new source of IoT data and information brings with it unique challenges to the way we store and transmit data as well as the way we need to curate it. It’s the topic the SNIA Cloud Storage Technologies Initiative will tackle at our live webcast on May 14, 2020, The influence of IoT on Data Strategy. In this webcast we will look at:

Storage Networking Security Series: Protecting Data at Rest

Contrary to popular belief, securing “data at rest” does not simply mean encrypting the data prior to storage. While it is true that data encryption plays a major role in securing “data at rest,” there are several other factors that come into play and are as important as encryption. It’s the next topic the SNIA Networking Storage Forum (NSF) will cover in our Storage Networking Security Series. On April 29, 2020, we will host a live webcast, “Storage Networking Security Series: Protecting Data at Rest,” where we will cover the end-to-end process of securing “data at rest,” and discuss all the factors and trade-offs that must be considered, and some of the general risks that need to be mitigated. As this series shows, there are many places along the chain where a weak link can break the entire process. One of the key aspects of keeping data secure – and probably the place where most people think of security – is what happens when the data is “at rest,” or being stored in some sort of stable media.

Tracking Consumer Personal Data – A Major Headache for Data Administrators

First, it is now well understood that the CCPA* mandates strict requirements for companies to notify users about how their data will be used, along with giving customers the ability to “Opt Out” and request that their data be deleted, mirroring some of the primary aspects of the EU GDPR legislation known as the ‘right to be forgotten.’

I was reading a recent article from ThreatPost, entitled: “California’s Tough New Privacy Law and its Biggest Challenges,” and I realized that this article brought up something that I was thinking about even before the California Consumer Privacy Act (CCPA) was enacted at the beginning of this year (2020).

Introducing the Storage Networking Security Webcast Series

This series of webcasts, hosted by the SNIA Networking Storage Forum, is going to tackle an ambitious project – the scope of securing data, namely storage systems and storage networks. Obviously, many of the concepts and realities contained in this series are going to be broadly applicable to all kinds of data protection, but there are some aspects of security that have a unique impact on storage, storage systems, and storage networks. Because of the fact that security is a holistic concern, there has to be more than “naming the parts.” It’s important to understand how the pieces fit together, because it’s where those joints exist that many of the threats become real.

Understanding Storage Security and Threats

This presentation is going to go into the broad introduction of security principles in general.

What Secure Data Deletion Means

The European Commission, Directorate-General for Internal Market, Industry, Entrepreneurship and SMEs has issued COMMISSION REGULATION (EU) 2019/424 on 15 March 2019 laying down eco-design requirements for servers and data storage products pursuant to Directive 2009/125/EC of the European Parliament and of the Council and amending Commission Regulation (EU) No 617/2013.

While the focus is energy-related requirements, embedded in this regulation is a requirement for servers and storage systems having 4-400 drives (systems with fewer or more are exempted) to have an ability to perform secure data deletions; this functionality is required from 1 March 2020.

“Secure data deletion” means the effective erasure of all traces of existing data from a data storage device, overwriting the data completely in such a way that access to the original data, or parts of them, becomes infeasible for a given level of effort.