By Lisa Coleman
In October, the Storage Networking Industry Association's Security Industry Forum (SSIF) hopes to unveil a best-practices document for storage networking security, an issue that end users have identified as a primary concern.
The mission of the recently formed SSIF is to improve security of storage networks in a cooperative vendor-neutral fashion, says Mike Alvarado, SSIF chairman and product manager at NeoScale Systems.
Currently, there are no standards for storage networking security, although there are standards-such as the advanced encryption standard (AES) and the older data encryption standard (DES)-for data security. While SSIF is not a standards-making forum, it will research the tools, techniques, and practices currently being used for storage networking security.
The group will also investigate deployment of encryption on dedicated appliances in storage area networks (SANs) and incorporate specific deployment scenarios into a shared storage model.
"We are going to focus on more than just technology and standards," says Alvarado. "We're going to focus on best practices." He hopes to present a preliminary best-practices guide at this fall's Storage Networking World conference.
Currently, 13 companies are involved in the SSIF: Adaptec, Brocade, Computer Associates, Hewlett-Packard, IBM, Infinity I/O, JNI, McData, NeoScale, QLogic, Seagate, Spectra Logic, and Zyfer.
The SSIF is encouraging end-user participation and will tap another SNIA group-the Consumer Executive Council-for end-user feedback. (For more information on SNIA's end-user councils, see InfoStor, June 2002, p. 1.)
Alvarado believes end users will benefit from the council because not only will they have a best-practices guide for SAN security, but they will also be able to influence the development of technology, products, and standards that meet their needs.
"A lot of users don't have much experience with storage network security, so we're going to attempt to de-mystify it," he says.
For more information, visit www.snia.org/tech_activities.