CIO OPINION
Leveraging data encryption and secure transport protocols is the best defense against eavesdropping. CIOs should ensure their storage system supports these features:
• Server-Side Encryption (SSE)
• Amazon Web Services Key Management Service (AWS KMS)
• OASIS Key Management Interoperability Protocol (KMIP)
• Transport Layer Security/Secure Socket Layer (TLS/SSL)
Is our storage infrastructure fully compliant?
As CIOs know, storage systems must be compliant with industry regulations. CIOs should ensure their storage infrastructure has the following security certifications/validations to save time evaluating whether an enterprise’s storage system meets industry requirements:
• Common Criteria (CC): The Common Criteria for Information Technology Security Evaluation – better known simply as Common Criteria – is an internationally-developed standard (ISO/IEC 15408) for computer security that attests to storage being tamper-proof.
• SEC Rule 17a-4: This is a regulation issued by the US Securities and Exchange Commission that specifies (among other things) requirements for a WORM classification of the storage system.
As storage vendors are expected to invest extensive time and resources to pass most third-party security validations, having these certifications in place is a good way to confirm the storage system is secure.
Asking these four questions is the first step for CIOs to take in securing their organization’s data. By doing so, they can then take the recommended actions to ensure their data is protected in-flight and at-rest, backed up with data immutability and stored in systems that meet rigorous security certification requirements.
46 INTELLIGENTCIO LATAM www.intelligentcio.com