Storage Networking Security Series: Protecting Data at Rest

Presented by

Pierre Mouallem, Lenovo; Ahmad Atamli, Mellanox; Steve Vanderlinden, Lenovo

About this talk

One of the most important aspects of security is how to protect the data that is just “sitting there.” How easy is it to get to? Who can get to it? If someone does get access to the data, can they read it? What are the potential risks of the wrong people reading the data? These are just a few of the questions that we try to answer when we go through the process of securing data. Contrary to popular belief, however, securing “data at rest” is not simply encrypting the data. While it is true that data encryption plays a major role in securing “data at rest,” there are several other factors that come into play and are equally as important – if not more so. For this webcast, we’re going to talk about those other factors (Encryption is deserving of its own, specific webcast). We will present the end-to-end process to securing “data at rest,” and discuss all the factors and trade-offs that must be considered, and some of the general risks that need to be mitigated, discussing: • How requirements for “data at rest” differ from “data in flight” • Legal and regulatory reasons to protect (or delete) data at rest • Where and how data could be attacked • Understanding the costs of ransomware • How to protect cryptographic keys from malicious actors • Using key managers to properly manage cryptographic keys • Strengths and weaknesses of relying on government security recommendations • The importance of validating data backups... how stable is your media? After you watch the webcast, check out the Q&A blog at: https://bit.ly/2CWbh1J

Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (363)
Subscribers (51608)
The Storage Networking Industry Association (SNIA) is a non-profit organization made up of member companies spanning information technology. A globally recognized and trusted authority, SNIA’s mission is to lead the storage industry in developing and promoting vendor-neutral architectures, standards and educational services that facilitate the efficient management, movement and security of information.