New standard aims to protect data

The Institute of Electrical and Electronics Engineers Standards Association has begun to develop a new standard aimed at helping protect information in centralised storage environments.

As organisations increasingly store data in large facilities owned or operated by others, the need for secure storage methods becomes more vital.

In addressing this need, The Institute of Electrical and Electronics Engineers Standards Association (IEEE-SA) has begun to develop a new standard – IEEE P1619 – ‘Standard Architecture for Encrypted Shared Media,’ to help protect information in comprehensive storage environments.

IEEE P1619 will standardise secure cryptographic algorithms and methods, especially those that resolve problems with existing data storage encryption techniques. It will address issues such as fostering interoperability among different storage infrastructures, reducing the need for bonded data centres and freeing users from dependence on any one storage vendor.

The group expects to circulate a draft standard for comment by spring 2003.

‘Centralised data storage may make economic sense, but sensitive health, financial, legal and other records can be compromised if they are not well protected,’ said Jim Hughes, IEEE P1619 Working Group Chair and a Fellow at StorageTek.

‘Storage consolidation will succeed only through a comprehensive systems approach to security,’ he added.

‘It’s clear that data at rest needs as much protection as it does when it is moving. We know a lot about key management and encryption in networks, but much less about them in storage,’ said Hughes.

‘The new standard will be a major step toward correcting this situation and should help those who operate central data storage facilities to create secure, shared-storage systems that greatly reduce the potential for the misuse of data.’

The IEEE P1619 standard is sponsored by the IEEE Storage Systems Standards Committee within the IEEE Computer Society.