The Storage Networking Industry Association (SNIA) announced its support and participation in the development of the ISO/IEC 27040:2015, the first international standard covering the broad topic of storage security. SNIA’s Security Technical Work Group (TWG), working through the U.S. National Body, served as a key storage industry contributor during the standard’s development. The TWG’s subject matter experts submitted and published works to help ISO/IEC JTC 1/SC 27 deliver a usable standard. The Security TWG has now shifted its focus to complimentary materials that will further enhance adoption of the new standard.
While often overlooked, storage security is relevant to anyone involved in owning, operating or using data storage devices, media or networks. Published in January 2015, the ISO/IEC 27040:2015 Information technology – Security techniques – Storage security (http://www.snia.org/securitytwg) standard provides detailed technical guidance on how organizations can define an appropriate level of risk mitigation by employing a well proven and consistent approach to the planning, design, documentation and implementation of storage security.
SNIA’s Security Technical Work Group has developed an Index for the ISO/IEC 27040:2015 standard (http://www.snia.org/securitytwg#index), which is perfectly aligned with the published standard and can be used to quickly locate terms and concepts throughout the standard.
“As data breaches persist, organizations are scrambling to find additional ways to protect their systems and data,” said Eric Hibbard, Chair of the SNIA TWG and ISO Editor for ISO/IEC 27040:2015. “Storage security is often overlooked and may be pressed into service as a last line of defense. ISO/IEC 27040:2015 provides the details that can help accomplish this.”
Considered a “guidance” standard, the ISO/IEC 27040:2015 is expected to increase visibility of storage security, drawing the attention of security and audit communities and expanding the expectations for storage professionals. The standard was designed to be easily implemented and includes materials that can assist a phased approach of implementing storage security controls.
SNIA’s Involvements in Security Standards
In addition to ISO/IEC, SNIA collaborates with a number of other external security industry organizations such as the American National Standards Institute (ANSI), International Committee for Information Technology Standards (INCITS), American Bar Association (ABA), Cloud Security Alliance, (CSA), Distributed Management Task Force (DMTF), Internet Engineering Task Force (IEFT), Organization for the Advancement of Structured Information Standards (OASIS) and Information Systems Audit and Control Association (ISACA) to develop a core body of knowledge for storage professionals to leverage.
About the SNIA Security Technical Work Group
The Security Technical Work Group (TWG) consists of storage security subject matter experts, from the SNIA membership, who collaborate to develop technical solutions to secure storage networks and protect data for installations from the departmental level to the multi-national enterprise. It also provides architectures and frameworks for the establishment of information security capabilities within the storage networking industry and guidance on the application of information assurance to storage systems/ecosystems as well as on matters of compliance as it relates to data protection and security. The focus of the Security TWG is directed toward both long-term and holistic security solutions. For more information about SNIA and Security, please visit: http://www.snia.org/securitytwg
The Storage Networking Industry Association (SNIA) is a not-for-profit global organization, made up of member companies spanning the global storage market. SNIA’s mission is to lead the storage industry worldwide in developing and promoting standards, technologies, and educational services to empower organizations in the management of information. To this end, the SNIA is uniquely committed to delivering standards, education, and services that will propel open storage networking solutions into the broader market. For more information, visit http://www.snia.org.