Security and privacy requirements are evolving fast prompted in part by initiatives coming out of the US and the EU. In the Open Compute Project security implementations are being introduced that have silicon and firmware impacts, but that promise a more open and common approach to security. Post Quantum Compute and CNSA 2.0 are another trend that will become a requirement the ecosystem is not yet ready. SBOMs and HBOMs (Software and Hardware Bills of Materials) on the horizon.
Data sanitization and circularity are also on the forefront with groups like IEEE 2883 Standard for Sanitizing Storage. Drives capable of crypto-erase, both SED and ISE, will become standard for HDDs to meet current and future requirements.
In this talk we will share an HDD device vendor view of these new changes. Many of the new requirements already exist in the HDD ecosystem and have for some time but are implemented in a proprietary way with third party firmware audits, penetration testing, FIPS and Common Criteria validation and verifiable sanitization methods.
In summary this is a complex landscape with a myriad of standards. Security, and sustainability are not well understood at the board room level, yet they are top priorities for all companies. The industry needs to coalesce around a common strategy and approach that ensures data security while understanding the costs and resource constraints related to major changes.
