This article can also be found in the Premium Editorial Download "Storage magazine: Tips for lowering the cost of storage support contracts."
Is anyone in the storage industry even close to pulling this off? I do see a number of leading indicators that the industry is moving in this direction. For example:
- NetApp/Decru is championing an effort around key management, building a development community and pushing industry standards.
- IBM extended mainframe security functionality such as its encryption facility, Integrated Cryptographic Services Facility (ICSF) and Resource Access Control Facility (RACF) to storage management software and devices.
- In a model similar to Microsoft's, EMC has instituted its Common Security Platform (CSP), a set of security requirements for all EMC products. CSP covers everything from the way products are built to access controls to logging.
- Hitachi has embraced the ISO/IEC 21827:2002 Systems Security Engineering–Capability Maturity Model (SSE-CMM) to introduce security best practices in product development projects. Security testing has also transitioned from an ad hoc process to a formal phase in the QA cycle.
The bottom line
Security is neither
This was first published in May 2007