Solutions : Data Security Standards

Hitachi Data Systems Using Open Standards, Protecting Customers

Open standards drive our participation and interaction with a broad range of formal standards organizations as well as industry forums where we play a leadership role in establishing security criteria. Our active participation takes place in key security standards bodies and associations, which include:
 

Formal standards bodies

 
• All Fibre Channel standards - ANSI/INCITS T11
• IP storage, IP security, Transport Layer Security - IETF
• Security in Storage Working Group (encryption & key export) - IEEE/P1619
• Hardware roots of trust - Trusted Computing Group
• U.S. cyber security standards - ANSI/INCITS CS1
• World Wide Web Consortium (W3C) - Key Web standards

Industry associations

• Storage Network Industry Association (SNIA)
• Distributed Management Task Force (DMTF)

Please visit the following sites to learn more about other relevant security standards bodies 

• IT Security Techniques - ISO/IEC JTC1 SC27
• SCSI & Object-based Storage (OSD) security - ANSI/INCITS T10
• Security standards for U.S. Government - NIST/CSD Computer Security Resource Center

See also:

• The CERT^® Coordination Center
• The SANS (SysAdmin, Audit, Network, Security) Institute
• Information Security Forum (ISF) - The Standard of Good Practice for Information Security
• Open Information Systems Security Group (OISSG)

Defining the Elements of Storage Security With the Help of SNIA

Participation in SNIA is another way Hitachi Data Systems strives to address security requirements. Understanding the evolving language of storage security helps all who are involved with the development and implementation of security solutions including the security requirements of specific storage environments. Some of the Storage Network Industry Association (SNIA)-defined fundamentals begin here:

• Storage System Security (SSS) - Securing embedded operating systems and applications as well as integration with IT and security infrastructure, for example, external authentication services, centralized logging, and firewalls.
• Storage Resource Management (SRM) - Securely provisioning, monitoring, tuning, re-allocating, and controlling the storage resources so that data may be stored and retrieved. Includes all storage management
• Data In-Flight (DIF) - Protecting the confidentiality, integrity and/or availability of data as they are transferred across the storage network, the LAN, and the WAN
• Data At-Rest (DAR) - Protecting the confidentiality, integrity and/or availability of data residing on servers, storage arrays, NAS appliances, tape libraries, and other media (especially tape).

To learn more about SNIA, please visit www.snia.org.

See Also

• Data Security Solutions