Experts Discuss Key Edge Storage Security Challenges

The complex and changeable structure of edge computing, together with its network connections, massive real-time data, challenging operating environment, distributed edge cloud collaboration, and other characteristics, creates a multitude of security challenges. It’s a topic the SNIA Networking Storage Forum (NSF) will take on as our “Storage Life on the Edge” webcast series continues. Join us on April 27, 2022 for “Storage Life on the Edge: Security Challenges” where I’ll be joined by security experts Thomas Rivera, CISSP, CIPP/US, CDPSE and Eric Hibbard, CISSP-ISSAP, ISSMP, ISSEP, CIPP/US, CIPT, CISA, CDPSE, CCSK as they explore these challenges and wade into the debate as to whether existing security practices and standards are adequate for this emerging area of computing. Our discussion will cover:

Standards Watch: Storage Security Update

The world of storage security standards continues to evolve. In fact, it can be hard to keep up with all that’s happening. Here’s a quick recap of SNIA’s involvement and impact on some notable storage security work – past, present and future.

The Storage Security ISO/IEC 27040 standard provides security techniques and detailed technical guidance on how organizations can define an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation, and implementation of data storage security. SNIA has been a key industry advocate of this standard by providing many of the concepts and best practices dating back to 2006. Recently, the SNIA Storage Security Technical Work Group (TWG) authored a series of white papers that explored a range of topics covered by the ISO/IEC 27040 standard. 


Addressing Cloud Security Threats with Standards

In a recent SNIA webinar, Cloud Standards: What They Are, Why You Should Care, the SNIA Cloud Storage Technologies Initiative (CSTI) highlighted some of the key cloud computing standards being developed and published by the ISO/IEC JTC 1/SC 38 (Cloud Computing and Distributed Platforms) and SC 27 (Information security, cybersecurity and privacy protection) standards committees. While ISO and IEC are not the only organizations producing cloud computing standards and specifications (e.g., ITU-T, OASIS, NIST, ENISA, SNIA, etc.), their standards, sometimes developed jointly with ITU-T, can play a role in addressing WTO Agreement on Technical Barriers to Trade (TBT) issues. More importantly, they provide a baseline of cloud terminology, concepts, guidance/requirements, and expectations that are recognized internationally.

Security Watch

Issues related to security have great importance in IT today. SNIA is participating in the creation of international standards with leading security-focused industry organizations. Here’s an update on recent activities from the SNIA Security Technical Work Group (TWG):

Transport Layer Security

  • The SNIA Security TWG is keeping a keen eye on the TLS 1.3 landscape, which is starting to get interesting since the IETF approved RFC 8446 last August. TLS 1.3 is significantly different from previous versions and it is expected to have an impact on the mandatory elements for the SNIA TLS Specification for Storage and ISO/IEC 20648:2016, which are based on TLS 1.2. While TLS 1.2 is still valid and will be for some time, it is important to keep in mind that ISO standards like ISO/IEC 20648:2016 have a 5-year shelf life. SNIA plans to work on an update later this year so that a new specification is in place in 2021.
