Friday, September 21, 2007

Storage Media security systems

Thoughts on the six commandments of ethical data management at http://www.cio.com/archive/070102/pledge.html (paraphrased in Appendix 5).

Storage Media security systems @ http://www.neoscale.com/English/Solutions/Whitepapers.html


Achieving PCI Compliance with Storage Security Solutions
Executive Summary
While hackers beating against the corporate firewall have captured the headlines, the breaches that are genuinely compromising business stability and consumer confidence are hitting data while in storage, known as data-at-rest.
Businesses have made significant strides in protecting their networks from external intrusion, but today's vulnerability is located in data storage. As banks, credit unions and companies strive to meet PCI compliance standards, they must tackle the complex issue of protecting data-at-rest through encryption, selecting solutions that are designed for the distributed, growing enterprise, provide the most efficient management of encryption keys, and introduce the least amount of operational disruption.
This white paper will examine the current security situation, outline the pros and cons of several storage security alternatives, and provide brief highlights of technical and operational best practices in addressing this security issue.


Privacy Compliance – Tape Media Protection and Data Privacy Issues
Executive Summary
Data privacy compliance generally has the following parameters: (i) only authorized user(s)/system(s) can access and modify only the information that they are authorized to access and for which access is necessary, (ii) the privacy of the information is maintained, (iii) the integrity of the information is maintained, and (iv) auditable records are maintained which attest to said access, privacy and integrity. When systems and storage resources have discrete access processes, organizations can more easily implement security measures which demonstrate compliance. Even so, organizations need to minimize operational risks. As resources, connections, access and media become more numerous and distributed, adhering to privacy guidelines becomes more complex and challenging; this is especially true with distributed backup and business continuity functions. This paper explores the domestic HIPAA, GLBA, and SB-1386, EC Directives and Basel II privacy mandates with regard to the use of encryption as part of securing the archive process.
