Encryption, Key Management, and ISO/IEC 27040

SNIA has recently published a paper that I worked on with Eric Hibbard of Hitachi Data Systems and the SNIA Security Technical Work Group. This paper provides some insights into the requirements of ISO/IEC 27040 Information technology — Security techniques — Storage Security.

The paper is entitled "Storage Security: Encryption and Key Management":

Abstract: The ISO/IEC 27040:2015 (Information technology – Security techniques – Storage security) standard provides detailed technical guidance on controls and methods for securing storage systems and ecosystems. This whitepaper describes the recommended guidelines for data confidentiality, including data in motion encryption, data at rest encryption, and key management. The practical implications of these recommendations are discussed from both an end user and storage vendor perspective.