Tag: Security standards
Standards Watch: Storage Security Update
The world of storage security standards continues to evolve. In fact, it can be hard to keep up with all that’s happening. Here’s a quick recap of SNIA’s involvement and impact on some notable storage security work – past, present and future.
The Storage Security ISO/IEC 27040 standard provides security techniques and detailed technical guidance on how organizations can define an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation, and implementation of data storage security. SNIA has been a key industry advocate of this standard by providing many of the concepts and best practices dating back to 2006. Recently, the SNIA Storage Security Technical Work Group (TWG) authored a series of white papers that explored a range of topics covered by the ISO/IEC 27040 standard.
Read MoreAddressing Cloud Security Threats with Standards
Security Watch
Issues related to security have great importance in IT today. SNIA is participating in the creation of international standards with leading security-focused industry organizations. Here’s an update on recent activities from the SNIA Security Technical Work Group (TWG):
Transport Layer Security
- The SNIA Security TWG is keeping a keen eye on the TLS 1.3 landscape, which is starting to get interesting since the IETF approved RFC 8446 last August. TLS 1.3 is significantly different from previous versions and it is expected to have an impact on the mandatory elements for the SNIA TLS Specification for Storage and ISO/IEC 20648:2016, which are based on TLS 1.2. While TLS 1.2 is still valid and will be for some time, it is important to keep in mind that ISO standards like ISO/IEC 20648:2016 have a 5-year shelf life. SNIA plans to work on an update later this year so that a new specification is in place in 2021.