by Marty Foltyn
SNIA on Storage continues its preview of SNIA Tutorials at the Storage Visions Conference, a partner program of CES held on January 3-5, 2016 at the Luxor Hotel in Las Vegas. “SNIA Education Day” is held on afternoon of the pre-conference day at Storage Visions – January 3, 2016 – and is designed to give attendees the opportunity to learn about important storage topics on depth with leading industry speakers.
Five tutorials will be presented on the SNIA Education Day. In the December 17th SNIA on Storage blog, we featured the tutorial which examines the conflict between privacy and data protection as illustrated in the European Union, but really applicable worldwide. In the December 18 blog, we previewed the Practical Online Cache Analysis and Optimization tutorial. In the December 21 blog, we examined Massively Scalable File Storage – the Key to the Internet of Things. And in the December 22 blog, a tutorial in a new research area – Fog Computing – was explained.
Today we preview the final tutorial of the SNIA Education Day – Implementing Stored-Data Encryption, presented by Dr. Michael Willett of Bright Plaza.
Data security is top of mind for most businesses trying to respond to the constant barrage of news highlighting data theft, security breaches, and the resulting punitive costs. Combined with litigation risks, compliance issues and pending legislation, companies face a myriad of technologies and products that all claim to protect data-at-rest on storage devices. This SNIA Tutorial will answer the question “What is the right approach to encrypting stored data?”.
The Trusted Computing Group, with the active participation of the drive industry, has standardized on the technology for self-encrypting drives (SED): the encryption is implemented directly in the drive hardware and electronics. Mature SED products are now available from all the major drive companies, both HDD (rotating media) and SSD (solid state) and both laptops and data center. SEDs provide a low-cost, transparent, performance-optimized solution for stored-data encryption, but SEDs do not protect data in transit, upstream of the storage system.
For overall data protection, a layered encryption approach is advised. Sensitive data (eg, as identified by specific regulations: HIPAA, PCI DSS) may require encryption outside and upstream from storage, such as in selected applications or associated with database manipulations. This tutorial will examine a ‘pyramid’ approach to encryption: selected, sensitive data encrypted at the higher logical levels, with full data encryption for all stored data provided by SEDs.
SNIA Tutorial presenter Dr. Michael Willett serves as a consultant on the marketing of storage-based security and is currently working with the Bright Plaza executive team to promote the Drive Trust Alliance, whose mission is to promote adoption of SEDs in the marketplace. Dr. Willett received a Bachelor of Science degree from the US Air Force Academy (Top Secret clearance) and a Masters and PhD in mathematics from NC State University. After a career as a university professor of mathematics and computer science, Dr. Willett joined IBM as a design architect, moving into IBM’s Cryptography Competency Center. Later, Dr. Willett joined Fiderus, a security and privacy consulting practice, subsequently accepting a position with Wave Systems. Recently, Dr. Willett was a Senior Director at Seagate Research, focusing on security functionality on hard drives, including self-encryption, related standardization, product rollout, patent development, and partner liaison. Dr. Willett also chaired the OASIS Privacy Management Reference Model Technical Committee (PMRM TC), which has developed an operational reference model for implementing privacy requirements. Most recently, Dr. Willett worked with Samsung as a storage security strategist, helping to define their self-encryption strategy across Samsung’s portfolio of storage products.
SNIA is a proud sponsor of the Storage Visions Conference, a partner program of the Consumer Electronics Show (CES). Storage Visions, held in Las Vegas right before CES on January 3-5, 2016, is the place to explore the latest information on the rapidly evolving technology of digital storage and how it impacts consumer electronics, the internet of things, and storage in the cloud. If you have not registered for Storage Visions, head over to http://www.storagevisions.com for the conference preview. Take $100 off your registration with the link: https://sv2016.eventbrite.com/?discount=onehundredoff_67349921