SNIA Developer Conference September 15-17, 2025 | Santa Clara, CA
Abstract
Storage and security professional don't typically move in the same technology and management circle within an organization, and as a result, storage frequently plays a diminished role in protecting the organization's digital assets. This situation is unfortunate because storage systems and infrastructure could be and effective weapon in the organization's war chest against cybercrime, cyberwarfare, and other less insidious types of incidents. One might say that storage could be the last line of defense in an organization's defense-in-depth strategy. The pressure to change is already there from the statutory and regulatory requirements, but the catalyst for this change could come from a new standard being developed by ISO/IEC Joint Technical Committee 1 / Subcommittee 27 (IT Security techniques). The new ISO/IEC 27040 "Storage security" project seeks to provide detailed technical guidance on the protection (security) of information where it is stored and to the security of the information being transferred across the communication links; it includes the security of devices and media, the security of management activities related to the devices and media, the security of applications and services, and security relevant to end-users This session introduces the new draft standard, highlights key elements of the guidance, and describes how it can be leveraged by an organization (RFPs, policy, skills, etc.).
Learning Objectives
General introduction to the ISO/IEC 27040 Storage security standard
Identifies key elements of the guidance (e.g., media sanitization)
Describes how this standard is likely to be used (from both a customer and vendor perspective)