Storage security

Storage security is a specialty area of security that is concerned with securing data storage systems and ecosystems and the data that resides on these systems.

Overview and introduction

According to the Storage Networking Industry Association (SNIA), storage security represents the convergence of the storage, networking, and security disciplines, technologies, and methodologies for the purpose of protecting and securing digital assets.[1] Historically, the focus has been on both the vendor aspects of making storage product more secure and the consumer aspects associated with using storage products in secure ways.

The SNIA Dictionary defines storage security as:
Technical controls, which may include integrity, confidentiality and availability controls, that protect storage resources and data from unauthorized users and uses.
ISO/IEC 27040 provides the following more comprehensive definition for storage security:
application of physical, technical and administrative controls to protect storage systems and infrastructure as well as the data stored within them
Note 1 to entry: Storage security is focused on protecting data (and its storage infrastructure) against unauthorized disclosure, modification or destruction while assuring its availability to authorized users.
Note 2 to entry: These controls may be preventive, detective, corrective, deterrent, recovery or compensatory in nature.

Relevant Standards and Specifications

Applying security to storage systems and ecosystems requires one to have a good working knowledge of an assortment of standards and specifications, including, but not limited to:

External links

References

  1. Eric A. Hibbard; Richard Austin. "Storage Security Professional's Guide to Skills and Knowledge" (PDF). www.snia.org/ssif. SNIA. Retrieved 18 August 2014.
This article is issued from Wikipedia - version of the 6/14/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.