Abstract
There are many reasons to implement data protection security strategies: regardless of whether the data is financial, personal or confidential, risks are a moving target. The purpose of this systematic literary review was to examine articles and documents pertaining to data and storage security and to compare them with modern regulatory compliance requirements to determine if gaps exist within the datacenter. Both academic and applied IT security papers were used, as well as online governmental and industry sources. As part of this research, the components of the CIA triad were used as a baseline, which resulted in a granular model. The model was applied to both quantitative and qualitative data that exposed deficiencies in data and storage security.
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Goodman, H.B., Rowland, P. (2021). Deficiencies of Compliancy for Data and Storage. In: Choo, KK.R., Morris, T., Peterson, G.L., Imsand, E. (eds) National Cyber Summit (NCS) Research Track 2020. NCS 2020. Advances in Intelligent Systems and Computing, vol 1271. Springer, Cham. https://doi.org/10.1007/978-3-030-58703-1_11
DOI: https://doi.org/10.1007/978-3-030-58703-1_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-58702-4
Online ISBN: 978-3-030-58703-1
eBook Packages: Intelligent Technologies and Robotics (R0)