2023 has been an interesting and challenging year for storage security. The cyber threat landscape has witnessed large numbers of attacks impacting data and increased nation state activities directed at critical infrastructure. The regulatory landscape is undergoing change as well and potentially imposing requirements that necessitate adjustments to security capabilities, controls, and practices to reflect new realities. By the end of 2023 there will be significant changes to security standards and specifications relevant to storage. Emerging technologies could increase the storage security options. New practices and deployment strategies could add further protection for data. Security/privacy by design are no longer slogans and have become table-stakes to meet requirements in many sectors. This session concentrates on the new and emerging storage security elements and issues rather than covering storage security from a general perspective. In addition, the session homes in on those aspects that are potentially relevant to developers and architects.
Storage Security Update for Developers
- Understand key threat and regulatory landscape issues that could affect storage development
- Identify important security standards and specifications that should be considered in the development of storage products
- Recognize the implications and challenges associated with new practices and deployment strategies
---
The IEEE Security In Storage Work Group (SISWG) produces standards that many storage developers, storage vendors, and storage system operators care about, including: a) A family of standards on san
Operators of data storage systems are legally obligated to protect customer data, and can be subject to significant penalties.
Selling to the US Government can require getting FIPS (Federal Information Processing Standards) certification.Many storage products are based on Linux and Open Source code, which by themselves do
DMTF has released SPDM version 1.3, with a number of enhancements to the protocol.
The Key Per IO (KPIO) project was a joint initiative between NVM Express® and the Trusted Computing Group (TCG) Storage Work Group to define a new KPIO Security Subsystem Class (SSC) under TCG Opal
Data immutability and retention locking have gained enormous traction over the last many years owing to a severe surge in number of cyber and ransomware attacks.
- Jagannathdas RathDell Technologies
The Storage Work Group under the Trusted Computing Group is active in security technologies related to data storage and focuses on data at rest encryption mechanisms.
SNIA Developer Conference
September 15-17, 2025
SDC 2025 is brought to you by SNIA. SNIA is an industry association committed to its mission of worldwide leadership developing and promoting architectures, standards, education and vendor-neutral collaboration.
