The Institute of Electrical and Electronics Engineers Standards Association (IEEE-SA), addressing the need for secure storage methods, has begun to develop a new standard, IEEE P1619, “Standard Architecture for Encrypted Shared Media,” to help protect information in comprehensive storage environments.
The IEEE Security in Storage Working Group (SISWG), which is developing IEEE P1619, will meet in Toronto on Oct. 10, and in Greenbelt, Md. on Dec. 10. Volunteer experts with experience relevant to the standard are invited to attend to help develop it.
A one-day workshop, the “First IEEE International Security in Storage Workshop” will be held on Dec. 11, also in Greenbelt. The workshop, which is cosponsored by the IEEE Task Force on Information Assurance and the IEEE Mass Storage Systems Technical Committee, will be an open forum for the latest research on storage security threats, technologies, methodologies and deployment.
IEEE P1619 will standardize secure cryptographic algorithms and methods, especially those that resolve problems with existing data storage encryption techniques. It will address issues such as fostering interoperability among different storage infrastructures, reducing the need for bonded data centers and freeing users from dependence on any one storage vendor. The group expects to circulate a draft standard for comment by spring 2003.
“Centralized data storage may make economic sense, but sensitive health, financial, legal and other records can be compromised if they are not well protected,” says Jim Hughes, IEEE P1619 Working Group Chair and a Fellow at StorageTek. “Storage consolidation will succeed only through a comprehensive systems approach to security.
“It’s clear that data at rest needs as much protection as it does when it is moving. We know a lot about key management and encryption in networks, but much less about them in storage,” said Hughes. “The new standard will be a major step toward correcting this situation and should help those who operate central data storage facilities to create secure, shared-storage systems that greatly reduce the potential for the misuse of data.”
The IEEE P1619 standard is sponsored by the IEEE Storage Systems Standards Committee within the IEEE Computer Society.