Part 5 Storage Security Best Practices and Support Information HP SAN Design Reference Guide 785355-001

Nonrepudiation
Nonrepudiation ensures that all parties in a transaction are authenticated and verifies that they
participated in the transaction. Storage technologies are tied closely with data and are often the
last line of defense against attacks.

Security validation
Security validation establishes a secure audit trail across your organization. The audit trail serves
as proof of compliance for internal and external audits with real-time alerts. Validation is
accomplished using encryption, key management, and identity management, which creates an
integrated compliance solution across the organization.
To ensure compliance, every process you use must be repeatable, have demonstrated control points
(with documented responsible personnel), and include a tamper-proof audit tracking system.

Storage security best practices
To simplify storage security, the SNIA SSIF has developed the following security elements:
• Storage system security—Secures embedded operating systems and applications. Integrates
  with IT and security infrastructure, such as external authentication services, centralized logging,
  and firewalls.
• SRM—Securely provisions, monitors, tunes, reallocates, and controls storage resources to
  ensure storage and retrieval of data.
• Data in-flight—Protects the confidentiality, integrity, and availability of data as it is transferred
  across the SAN, LAN, or WAN. This may also include traffic management.
• Data at-rest—Protects the confidentiality, integrity, and availability of data stored on servers,
  storage arrays, NAS appliances, tape libraries, and other media. The measures required
  depend on the type of risk you are managing.
• Compliance validation—Proof of compliance is required by government and industry
  regulations. You must establish control points that ensure repeatable processes, assignment
  of responsibilities, and role separation. You must be able to prove that policies are being
  enforced for internal and external audits.

Assessing security risks
This section describes best practices for assessing and addressing security risks.

Managing organizational risks
Managing organizational risks involves the following actions:
• Protecting IT resources
• Protecting data in all states (at-rest, in-transit, or in-use)
• Providing validation to internal and external auditors
The HP Secure Advantage solution addresses these security issues using a suite of integrated
products. Integration of encryption and key management technologies with identity management
in a hardened infrastructure ensures that the correct data is delivered to the intended users. Secure
Advantage provides the best layered end-to-end security approach with identity management at
the network, system, service, and application layers. It ensures a robust and proactive security
framework.

Data security implementations
Data security implementations are categorized as follows: