It’s rare to find any technology that works in complete seclusion from the rest of the industry. So when two fields that interact on a perpetual basis at the level of sensitive corporate and government data, you would expect a semblance of standards to regulate activity.
When it comes to storage and security, however, it is difficult to pin down any one overarching body of standards.
“Security in storage tends to be driven by compliance and company requirements but in Australia, company requirements around security are more so to protect sensitive data,” RSA principal consultant, Greg Singh, noted. “Why aren’t there specific standards around it? Mostly because traditionally there hasn’t been any.”
This is not to say the industry isn’t trying: Several organisations are working on the development of standards that link the two fields. There is the Institute of Electrical and Electronics Engineers (IEEE), the Inter National Committee on Information Technology Standards (INCITS), the LTO Consortium, the Trusted Computing Group (TCG), and the Storage Networking Industry Association’s (SNIA) Storage Security Industry Forum (SSIF).
Each of these organisations work on different aspects and to date – and perhaps understandably considering the pace of technological development in the industry – there is yet to be a complete set that covers the industry.