A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY

Similar documents
A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY

A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Cloud Storage Security with a Focus on CDMI. Eric A. Hibbard, CISSP, CISA, ISSAP, ISSMP, ISSEP, SCSE Hitachi Data Systems

CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM

STORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM

Interoperable Cloud Storage with the CDMI Standard

Securing Data While Leveraging Virtualized and Cloud Storage

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab

Unmasking Virtualization Security. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Building the Business Case for the Cloud

Cloud Storage Standards Overview and Research Ideas Brainstorm

Storage Clouds. Karthik Ramarao. Director of Strategy and Technology and CTO Asia Pacific, NetApp Board Director SNIA South Asia

What Cloud computing means in real life

Security Issues in Cloud Computing

Deploying Public, Private, and Hybrid Storage Clouds. Marty Stogsdill, Oracle

Cloud Archive & Long Term Preservation Challenges and Best Practices

Cloud Archiving. Paul Field Consultant

Cloud Data Management Interface (CDMI) The Cloud Storage Standard. Mark Carlson, SNIA TC and Oracle Chair, SNIA Cloud Storage TWG

Enterprise Architecture and the Cloud. Marty Stogsdill, Oracle

in the Cloud - What To Do and What Not To Do Chad Thibodeau / Cleversafe Sebastian Zangaro / HP

Storage Clouds. Enterprise Architecture and the Cloud. Author and Presenter: Marty Stogsdill, Oracle

GOT LAWYERS? THEY'VE GOT STORAGE AND ESI IN THE CROSS-HAIRS!

Lifting the Fog Around Cloud Computing. Eric A. Hibbard, CISSP-ISSAP, ISSEP, ISSMP, CISA CTO Security & Privacy Hitachi Data systems

Cloud Storage: Where Does It Fit Into Tomorrow s IT?

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

Archive and Preservation in the Cloud - Business Case, Challenges and Best Practices. Chad Thibodeau, Cleversafe, Inc. Sebastian Zangaro, HP

The standards landscape in cloud

Global Efforts to Secure Cloud Computing

Assessing Risks in the Cloud

Security Issues in Cloud Computing

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Enterprise Architecture and the Cloud. Marty Stogsdill, Oracle

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government

The Business Case for the Cloud. Presenter: Alex McDonald, Industry Standards, CTO Office, NetApp Author: Marty Stogsdill, Oracle

Cloud Security Introduction and Overview

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

Cloud Computing Standards: Overview and ITU-T positioning

Securing The Cloud. Russ Fellows, Managing Partner - Evaluator Group Inc.

Wayne M. Adams Board of Directors, Chairman Mark Carlson SNIA Cloud TWG Chair and Technical Council Member

journey to a hybrid cloud

Data Center Transformation. Russ Fellows, Managing Partner Evaluator Group Inc.

Implementing, Serving, and Using Cloud Storage

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances -

Latest in Cloud Computing Standards. Eric A. Hibbard, CISSP, ISSAP, ISSEP, ISSMP, CISA CTO Security & Privacy Hitachi Data systems

GOT LAWYERS? THEY'VE GOT STORAGE AND ESI IN THE CROSS-HAIRS!

CTR System Report FISMA

Managing Cloud Computing Risk

September 2009 Cloud Storage for Cloud Computing

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

Storage Cloud Environments. Alex McDonald NetApp

East African Information Conference th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?

SNIA Storage Security Best Practices

Cloud Security. DLT Solutions LLC June #DLTCloud

White Paper on CLOUD COMPUTING

Preparing for a Security Audit: Best Practices for Storage Professionals


Cloud Infrastructure Security

Looking at the SANS 20 Critical Security Controls

Cloud Security for Federal Agencies

International Journal of Innovative Technology & Adaptive Management (IJITAM) ISSN: , Volume-1, Issue-5, February 2014

John Essner, CISO Office of Information Technology State of New Jersey

in Transition to the Cloud

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

Cloud Computing: Risks and Auditing

OVERVIEW Cloud Deployment Services

Key Considerations of Regulatory Compliance in the Public Cloud

OWASP Chapter Meeting June Presented by: Brayton Rider, SecureState Chief Architect

The Keys to the Cloud: The Essentials of Cloud Contracting

LEGAL ISSUES IN CLOUD COMPUTING

How To Create A Cloud Backup Service

Storage Technology. Standards Trends

6 Cloud computing overview

Status Report on Storage Security Initiatives

Cloud Computing. Bringing the Cloud into Focus

A Survey on Cloud Security Issues and Techniques

Cloud Computing and Records Management

How To Manage Cloud Data Safely

Capturing the New Frontier:

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.

Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A

Managing Data Storage in the Public Cloud. October 2009

Cloud Computing Security Issues

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH Agenda. Security Cases What is Cloud? Road Map Security Concerns

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.

SECURITY MODELS FOR CLOUD Kurtis E. Minder, CISSP

Deduplication s Role in Disaster Recovery. Thomas Rivera, SEPATON

Deduplication s Role in Disaster Recovery. Gene Nagle, EXAR Thomas Rivera, SEPATON

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

Storage Multi-Tenancy for Cloud Computing. Paul Feresten, NetApp; SNIA Cloud Storage Initiative Member

Cloud Services Overview

NIST A: Guide for Assessing the Security Controls in Federal Information Systems. Samuel R. Ashmore Margarita Castillo Barry Gavrich

Information Auditing and Governance of Cloud Computing IT Capstone Spring 2013 Sona Aryal Laura Webb Cameron University.

Attacking the roadblocks preventing aggressive adoption of Cloud Standards:

Transcription:

A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY Eric A. Hibbard, CISSP, CISA, ISSAP, ISSMP, ISSEP, SCSE Hitachi Data Systems Author: Eric A. Hibbard, Hitachi Data Systems

SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted. Member companies and individual members may use this material in presentations and literature under the following conditions: Any slide or slides used must be reproduced in their entirety without modification The SNIA must be acknowledged as the source of any material used in the body of any document containing material from these presentations. This presentation is a project of the SNIA Education Committee. Neither the author nor the presenter is an attorney and nothing in this presentation is intended to be, or should be construed as legal advice or an opinion of counsel. If you need legal advice or a legal opinion please contact your attorney. The information presented herein represents the author's personal opinion and current understanding of the relevant issues involved. The author, the presenter, and the SNIA do not assume any responsibility or liability for damages arising out of any reliance on or use of this information. NO WARRANTIES, EXPRESS OR IMPLIED. USE AT YOUR OWN RISK. 2

Abstract Cloud storage is emerging as a cloud offering that has appeal to a potentially broad set of organizations. Like other forms of cloud computing, the security must be addressed as part of good governance, managing risks and common sense. The Cloud Security Alliance (CSA) guidance on cloud computing security can be used as a starting point for what some believe is a makeor-break element of cloud storage. This session provides an introduction to cloud computing security concepts and issues as well as identifying key guidance and emerging standards. An overview of the current CSA materials and activities is also provided. The session concludes by providing a security review of the SNIA Cloud Data Management Interface (CDMI) specification, which includes protective measures employed in the management and access of data and storage. 3

Cloud Computing 101 4

Key Attributes of Cloud (All Must Be Met) Offsite, by third-party provider - In the cloud execution (offsite, locationagnostic) Accessed via the Internet - Standards-based, universal network access though this doesn t preclude security or quality-of-service value-add Minimal/No IT skills to implement - Online, simplified specification of services and no lengthy implementation of on-premise systems Automated Provisioning - Self-service requesting, near real-time deployment, dynamic & fine-grained scaling Fine-Grained Pricing - Usage-based pricing capability though some providers mask this granularity with long-term, fixed price agreements User Interface - browser & successors System Interface Via Web Services APIs - Providing a standards-based framework for accessing and integrating with and among cloud services Shared resources/common versions - Some ability to customize around the shared services, via configuration options within the service Source: IDC on The Cloud (http://blogs.idc.com/ie/?p=189) 5

Cloud Computing Characteristics On-demand self-service automated provisioning scenario in which capabilities such as server time and network storage can be obtained as needed, without requiring human interaction with the service s provider Broad network access style of interaction in which capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous platforms Resource pooling aggregation of a provider s computing resources to serve multiple consumers using a multitenant model, with physical and virtual resources dynamically assigned and reassigned on demand Rapid elasticity quick scaling of resources and capabilities to meet expansion and contraction of demand Measured Service metered dispensation of resources appropriate to a given type of service (e.g., storage, processing, bandwidth, and active user accounts), such that usage can be monitored, controlled, reported and billed 6

Cloud Service Models Software as a Service (SaaS) delivery over a network, on demand, of the use of an application Platform as a Service (PaaS) delivery over a network of a virtualized programming environment, consisting of an application deployment stack based on a virtual computing environment Infrastructure as a Service (IaaS) delivery over a network of an appropriately configured virtual computing environment, based on a request for a given service level Data Storage as a Service (DaaS) over a network of appropriately configured virtual storage and related data services, based on a request for a given service level SOURCE: SNIA Dictionary, http://www.snia.org/dictionary 7

Cloud Deployment Models Private cloud delivery of SaaS, PaaS, IaaS and/or DaaS to a restricted set of consumers, usually within a single organization Public cloud delivery of SaaS, PaaS, IaaS and/or DaaS to a relatively unrestricted set of consumers Community cloud cloud infrastructure shared by several organizations and supporting a specific community that has shared concerns Hybrid cloud composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability SOURCE: SNIA Dictionary, http://www.snia.org/dictionary 8

NIST View of the Cloud 9

An Application View of Cloud Application Domains Service Delivery Models Software-as-a-Service (SaaS) Platform-as-a-Service (PaaS) Infrastructure-as-a-Service (IaaS) Public Hybrid Private SOURCE: Cloud Security and Privacy, Mather, Kumaraswamy and Latif 2009, O Reilly, ISBN: 978-0-596-80276-9. 10

Standards & Specifications (1) Cloud Security Alliance (CSA) develops security guidance for the use and implementation of cloud computing Distributed Management Task Force (DMTF) has released whitepapers on cloud management and interoperability IEEE P2302 develops standards covering topology, functions, and governance for cloud-to-cloud interoperability and federation. ISO/IEC JTC 1 Subcommittee 27 (SC27) IT Security Techniques develops international standards covering information security management systems, cryptography and security mechanisms, security evaluation criteria, security controls and services, and Identity management and privacy technologies ISO/IEC JTC 1 Subcommittee 38 (SC38) Distributed Application Platforms and Services (DAPS) develops international standards covering Web services, SOA, and cloud computing 11

Standards & Specifications (2) Object Management Group (OMG) is modeling cloud deployments for portability, interoperability & reuse Open Cloud Consortium (OCC) has developed a benchmark and is working on a reference model for large data clouds Open Grid Forum (OGF) has published an Open Cloud Computing Interface (OCCI) to standardize cloud management tasks Storage Networking Industry Association (SNIA) develops specifications for storage related technologies, including storage management (SMI-S) and cloud storage (Cloud Data Management Interface or CDMI) 12

Sample Cloud SDO Relationships CSA ITU-T ENISA ISO/IEC SC27 ISO/IEC SC38 TCG INCITS CS1 INCITS DAPS38 NIST IEEE* SNIA DMTF Formal Informal 13

Security & Legal Issues for Cloud Computing 14

Top Security Concerns with Cloud Understanding how cloud services provide for the following: Preserving confidentiality, integrity and availability Maintaining appropriate levels of identity and access Control Ensuring appropriate audit and compliance capability Dealing with loss of control Physical and Logical access Trusting the cloud service providers 15

Cloud Security (or Insecurity) Core Information Assurance issues to address: Confidentiality Integrity Availability Possession Authenticity Utility Privacy Authorized use Non-repudiation Data loss and/or leakage measures become even more important Data aggregation changes the risk equation Legal and compliance forces require additional due diligence Forced exits and data disposition have to be carefully thought out Incident management become much more complicated 16

Possible Security Benefits Centralized data Segmented data and applications Better logging/accountability Standardized images for asset deployment Better resilience to attack & streamlined incident response More streamlined audit and compliance Better visibility to process Faster deployment of applications, services, etc. 17

Litigating in the Cloud Privacy and the Cloud Sensitive information is potentially moving around the Internet within the cloud in violation of law Data protection and security dependent on contractual terms and service level agreements Data may be crossing national boundaries (possibly multiple jurisdictions) Digital Evidence and the Cloud Amassing the forensic data from the various sources could be a serious challenge Real-time nature of cloud services may reduce the amount and nature of digital evidence The integrity and authenticity of data may be questionable (for example, inadequate protections against attacks) Electronic Discovery and the Cloud Organizations will have additional challenges identifying relevant data because business units are directly leveraging the Cloud Relevant data could be within the hands of a large number of third parties (suppliers to suppliers) 18

Jurisdictional Fog It has been said that possession is nine tenths of the law that may not be the case for cloud It is often the situation that an entity has to have some physical presence in a country in order for a government to obtain access to the entity s data In the era of the cloud, however, all that may be required is a physical presence of the cloud provider This is not limited to just the U.S. Patriot Act (other law enforcement authorities have invoked similar provisions) 19

Cloud Security Resources SNIA Cloud Storage Initiative, http://www.snia.org/cloud Cloud Security Alliance (CSA), Security Guidance for Critical Areas of Focus in Cloud Computing, Cloud Controls Matrix, Top Threats to Cloud Computing, http://www.cloudsecurityalliance.org European Network and information Security Agency (ENISA), Cloud Computing Benefits, risks and recommendations for information security, http://www.enisa.europa.eu/ Information Systems Audit and Control Association (ISACA), Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives, http://www.isaca.org Cloud Security and Privacy, Mather, Kumaraswamy, Latif, 2009, O Reilly Publishing, ISBN: 978-0-596-80276-9 20

Key Activities in Cloud Computing Security 21

Cloud Security Alliance (CSA) CSA is a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing The CSA objectives: Promote a common level of understanding between the consumers and providers of cloud computing regarding the necessary security requirements and attestation of assurance. Promote independent research into best practices for cloud computing security. Launch awareness campaigns and educational programs on the appropriate uses of cloud computing and cloud security solutions. Create consensus lists of issues and guidance for cloud security assurance. 22

CSA Cloud Security Guidance Governance Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Operations Traditional Security, Business Continuity and Disaster Recovery Data Center Operations Incident Response, Notification and Remediation Application Security Portability and Interoperability Encryption and Key Management Identity and Access Management Virtualization NOTE: The governance domains are broad and address strategic and policy issues within a cloud computing environment, while the operational domains focus on more tactical security concerns and implementation within the architecture. SOURCE: Cloud Security Alliance, Security Guidance for Critical Areas of Focus in Cloud Computing, Version 3.0, 2011, http://www.cloudsecurityalliance.org 23

CSA Cloud Controls Matrix v1.2 Provides mappings on Architectural relevance (Physical, Network, Compute, Storage, Application, Data and Corporate Governance) Delivery Models (SaaS, PaaS, IaaS) Supplier relationships (Service Provider and Tenant) Not currently aligned with the CSA guidance v3 Will be aligned with FedRAMP Compliance [6] Data Governance [8] Facility Security [8] Human Resources [3] Information Security [34] Legal [2] Operations Management [4] Risk Management [5] Release Management [5] Resiliency [8] Security Architecture [15] 24

CSA Top Threats v1.0 #1: Abuse and Nefarious Use of Cloud Computing #2: Insecure Interfaces and APIs #3: Malicious Insiders #4: Shared Technology Issues #5: Data Loss or Leakage #6: Account or Service Hijacking #7: Unknown Risk Profile 25

ITU-T Study Focus Group on Cloud (Threats for Cloud Security) For Cloud Service Users Responsibility Ambiguity Loss of Governance Loss of Trust Service Provider Lock-in Cloud Service User Remote Access Lack of Information/Asset Management Data loss and leakage Loss of Account/Service management For Cloud Service Providers Responsibility Ambiguity Protection Inconsistency Evolutional Risks Business Discontinuity Supplier Lock-in License Risks Bylaw Conflict Bad Integration Unsecure Administration API Shared Environment Hypervisor Isolation Failure Service Unavailability Data Unreliability Abuse Right of Cloud Service Provider 26

FedRAMP Federal Risk and Authorization Management Program (FedRAMP) US Government-wide program provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Relevant for Cloud Service Providers (CSPs), Third Party Assessment Organizations (3PAOs), government employees and contractors working on FedRAMP projects, and any outside organizations that want to use or understand the FedRAMP assessment process. More information at: http://www.gsa.gov/portal/category/102371 27

FedRAMP Security Controls Access Control (AC) Awareness & Training (AT) Audit & Accountability (AU) Assessment & Authorization (CA) Configuration Management (CM) Contingency Planning (CP) Identification & Authentication (IA) Incident Response (IR) Maintenance (MA) Media Protection (MP) Physical & Environmental Protection (PE) Planning (PL) Risk Assessment (RA) System & Services Acquisition (SA) System & Communications Protection (SC) System & Information Integrity (SI) NOTE: Security controls were selected from the NIST catalog of controls and enhancements as described in Special Publication 800-53 as revised 28

Cloud Storage 29

Cloud Storage in a Nutshell Cloud storage is a model of networked online storage where data is stored on virtualized pools of storage which are generally hosted by third parties. - Wikipedia Cloud storage is: made up of many distributed resources that act as one fault tolerant through redundancy and distribution of data durable through the creation of versioned copies data replicas eventually consistent Advantages include: Only pay for storage used No need to install physical storage devices (credit card IT) Relieved of storage management/maintenance/protection tasks Immediate access to a broad range of resources and applications Maybe improved data security 30

Security Issues for Cloud Provider Data confidentiality Is data encrypted at-rest? In transit? If so, who manages the keys? Data segmentation assurances What are the assurances they provide which ensure that a tenant s data is kept isolated from others? Data replication Are there locality controls on where data can or cannot physically reside? Data sanitization policies Can they get rid of a tenant s data on demand? How long will that process take? Incident Management How are security incidents handled? Who does breach notifications? Independent assessment A 3 rd party assessment that validates the provider s policies and claims would be mandatory 31

Security Summary of SNIA CDMI (ISO/IEC 17826) 32

Cloud Data Management Interface Applicable to three types of cloud storage: Cloud storage for cloud computing Whitepaper at snia.org/cloud the management interface for the lifecycle of storage in a compute cloud Public storage cloud Both a data path for the cloud and a management path for the cloud data Private cloud storage As well as hybrid clouds An API for storage vendors selling into cloud based solutions Semantics Simple containers and data objects with tagged metadata Data system metadata expresses the data requirements Protocol RESTful HTTP as core interface style JSON (JavaScript Object Notation) format of the representations are extensible 33

CDMI Data Objects Stored data can be accessed using native protocols: HTTP, CIFS, NFS, iscsi, SQL, etc. Stored data can also be accessed using CDMI as a Data Path in a standardized manner. This facilitates: Cloud-to-cloud migration Cloud federation Cloud backup Cloud virus scanning Cloud search And more. Desired cloud storage characteristics can be associated with stored data: Replication, Compression, Placement, Retention, QoS, etc. 34

The Complete CDMI Picture 35

CDMI Security Summary Security refers to the protective measures employed in managing and accessing data and storage. Security measures: Include transport security, user and entity authentication, authorization and access controls, data integrity, data and media sanitization, data retention, protections against malware, data at rest encryption, and security capability queries. Take the form of mandatory, optional, and vendor extensions The transport security and security capability queries are mandatory for all implementation; all other security mechanisms are optional to implement. Client use of security is always optional, but encouraged. 36

CDMI Security Objectives Provide a mechanism that assures that the communications between a CDMI client and server cannot be read or modified by a third party Provide a mechanism that allows CDMI clients and servers to provide an assurance of their identity Provide a mechanism that allows control of the actions a CDMI client is permitted to perform on a CDMI server Provide a mechanism for records to be generated for actions performed by a CDMI client on a CDMI server Provide mechanisms to protect data at rest Provide a mechanism to eliminate data in a controlled manner Provide mechanisms to discover the security capabilities of a particular implementation 37

Exploiting the Mandatory and Optional Features Always check the security capabilities of your cloud service provider s CDMI implementation Ensure it has adequate protective measures Make a risk based decision to use a particular implementation Secure the communications Use Transport Layer Security (TLS), preferably TLS 1.2 Authenticate CDMI entities (certificates for servers; HTTP authentication for clients) Encrypt sensitive information communicated between CDMI entities. 38

Exploiting the Mandatory and Optional Features (cont.) Use Domains to provide a place for authentication mappings to external authentication providers Audit logging within the context of CDMI Establish logging queues and restrict access Capture messages for all security and data management events Make sure the CDMI client retrieves the messages on a regular basis 39

Exploiting the Mandatory and Optional Features (cont.) Align the automatic deletion capability with the organization s data retention policy Prior to using Holds, understand the process and mechanism for lifting the Holds For cryptographic functionality, it is always important to verify that the implementation has complied with the requested algorithm; something other than what was requested may be used 40

Final Thoughts 41

Summary It is possible to engineer solutions across most cloud services today that meet or exceed the security provided within the enterprise however, the capability to execute may not be a reality! The various value propositions of cloud (agility, low cost, scalability, security) are often conflated, suggesting all four can be achieved simultaneously and in equal proportions; this is a fallacy because trade-off are almost always required. 42

Cloud Security Tips Cloud-based security is not a substitute for existing ICT security think defense in depth Understand the Terms of Service this is the best you can expect Don t put anything in the cloud you wouldn t want someone else to see (government, competitor, or a private litigant) Placing consumer data in the cloud could put you at risk of violating the law where is it? 43

Final Thoughts Security and legal issues will persist as challenges for organizations that choose to use cloud computing, but there are promising signs that some of these issues will be addressed. It is, however, extremely important to understand the risks and to enter the cloud with your eyes wide open (i.e., select a cloud service provider that offers an appropriate set of contractual terms and conditions as well as demonstrable risk mitigations). 44

SNIA Security Organizations SNIA Security Technical Work Group (TWG) Focus: Requirements, architectures, interfaces, practices, technology, educational materials, and terminology for storage networking. http://www.snia.org/tech_activities/workgroups/security/ Storage Security Industry Forum (SSIF) Focus: Educational materials, customer needs, whitepapers, and best practices for storage security. http://www.snia.org/ssif 45

Other SNIA Security Tutorials Thursday (April 5 th @ 8:30): Storage Security - The ISO/IEC Standard Thursday (April 5 th @ 11:15): Implementing Stored- Data Encryption 46

Q&A / Feedback Please send any questions or comments on this presentation to SNIA: tracktutorials@snia.org Many thanks to the following individuals for their contributions to this tutorial. - SNIA Education Committee Eric A. Hibbard, CISSP, CISA Subhash Sankuratripati SNIA Security TWG SNIA Cloud Storage TWG 47

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information