Intelligent CIO North America Issue 16 | Page 46

CIO OPINION
Is our storage infrastructure fully compliant?

As CIOs know, storage systems must be compliant with industry regulations. CIOs should ensure their storage infrastructure has the following security certifications / validations to save time evaluating whether an enterprise's storage system meets industry requirements:

• Common Criteria (CC): The Common Criteria for Information Technology Security Evaluation, better known simply as Common Criteria, is an internationally developed standard (ISO/IEC 15408) for computer security that attests to storage being tamper-proof.
• Federal Information Processing Standard (FIPS): FIPS is a US standard developed by NIST. It establishes a set of requirements for technology solutions and is used by US government agencies when evaluating products and solutions.
• SEC Rule 17a-4: This is a regulation issued by the US Securities and Exchange Commission that specifies (among other things) requirements for a WORM classification of the storage system.

As storage vendors are expected to invest extensive time and resources to pass most third-party security validations, having these certifications in place is a good way to confirm the storage system is secure.

Asking these four questions is the first step for CIOs to take in securing their organization's data. By doing so, they can then take the recommended actions to ensure their data is protected in-flight and at-rest, backed up with data immutability and stored in systems that meet rigorous security certification requirements.