Intelligent CIO Europe Issue 47 - Page 86

FINAL WORD ensure data is secured in transit and in their storage system . Leveraging data encryption and secure transport protocols is the best defence against eavesdropping . CIOs should ensure their storage system supports these features :
• Server-Side Encryption ( SSE )
• Amazon Web Services Key Management Service ( AWS KMS )
• OASIS Key Management Interoperability Protocol ( KMIP )
• Transport Layer Security / Secure Socket Layer ( TLS / SSL )
Is our storage infrastructure fully compliant ? for computer security that attests to storage being tamper-proof .
• Federal Information Processing Standard ( FIPS ): FIPS is a US standard developed by NIST . It establishes a set of requirements for technology solutions and is used by US government agencies when evaluating products and solutions .
• SEC Rule 17a-4 : This is a regulation issued by the US Securities and Exchange Commission that specifies ( among other things ) requirements for a WORM classification of the storage system .
As storage vendors are expected to invest extensive time and resources to pass most third-party security validations , having these certifications in place is a good way to confirm the storage system is secure .
As CIOs know , storage systems must be compliant with industry regulations . CIOs should ensure their storage infrastructure has the following security certifications / validations to save time evaluating whether an enterprise ’ s storage system meets industry requirements :
Asking these four questions is the first step for CIOs to take in securing their organisation ’ s data . By doing so , they can then take the recommended actions to ensure their data is protected in-flight and at-rest , backed up with data immutability and stored in systems that meet rigorous security certification requirements . p
• Common Criteria ( CC ): The Common Criteria for Information Technology Security Evaluation – better known simply as Common Criteria – is an internationally-developed standard ( ISO / IEC 15408 )
Asking these four questions is the first step for CIOs to take in securing their organisation ’ s data .
86 INTELLIGENTCIO EUROPE www . intelligentcio . com