Abstract
Many organizations face the challenge of implementing protection and data security measures to meet a wide range of requirements, including statutory and regulatory compliance. Too often the security associated with storage systems and infrastructure has been missed because of misconceptions and limited familiarity with the storage technology, or in the case of storage managers and administrators, a limited understanding of the inherent risks or basic security concepts. The net result of this situation is that digital assets are needlessly placed at risk of compromise due to data breaches, intentional corruption, being held hostage, or other malicious events. To help combat this situation, ISO/IEC Joint Technical Committee 1 / Subcommittee 27 (IT Security techniques) has undertaken a new standardization project, ISO/IEC 27040 "Storage security." This standard seeks to provide detailed technical guidance on the protection (security) of information where it is stored and to the security of the information being transferred across the communication links; it includes the security of devices and media, the security of management activities related to the devices and media, the security of applications and services, and security relevant to end-users. This session introduces the new draft standard, highlights key elements of the guidance, and describes how it can be leveraged by an organization (RFPs, policy, skills, etc.).
Learning Objectives
Provides a general introduction to the ISO/IEC 27040 Storage security standard
Identifies key elements of the guidance (e.g., media sanitization)
Describes how this standard is likely to be used (from both a customer and vendor perspective)