SNIA-SDC23-Suhler-Storage-Sanitization-Why-When-How_0.pdf

1、1|2023 SNIA.All Rights Reserved.Virtual ConferenceSeptember 28-29,2021Storage Sanitization:Why,When,HowPaul SuhlerKIOXIA Corporation2|2023 SNIA.All Rights Reserved.AbstractOperators of data storage systems are legally obligated to protect customer data and can be subject to significant penalties for

2、 data breaches.This presentation will explore existing and upcoming standards to show the best practices for sanitizing customer data.3|2023 SNIA.All Rights Reserved.AgendaData breachesSanitization of storage devicesCustomer concernsCircularity and reuseThe standards environmentNew directions for sa

3、nitization4|2023 SNIA.All Rights Reserved.The PlayersVendor:The manufacturer of a storage device.Organization:The operator(and usually owner)of a storage device.User:The entity associated with the data stored on a storage device.May be the organization,storing their corporate data.May be a customer

4、of the organization,renting compute and storage from the organization.“User”can be recursive:A user may handle data private to customers of their own.5|2023 SNIA.All Rights Reserved.Avoiding Data BreachesOrganizations must ensure that user data does not escape their control.Data breach:User data is

5、accessible to an unauthorized entity.Device stolen or disposed of without removing user data.Attacker who has gained entry to the organizations system.An authorized user of the system who accesses another users data.Devices must be sanitized before being repurposed or discarded.6|2023 SNIA.All Right

6、s Reserved.What is Sanitization?Sanitization:Eradication of all user data from a storage device.Recovery of user data must be infeasible.Different methods of sanitization are resistant to different levels of attacks(See below.)Devices implement commands to sanitize user data.7|2023 SNIA.All Rights R