Towards Regulatory Compliant Storage Systems
Abstract
Legislators and the courts have begun to recognize the importance of how electronically stored data should be maintained and secured, and how electronic data should be differentiated from their paper analogs. Examples of some of the sweeping pieces of electronic record management legislation include the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the Gramm-Leach-Bliley Act (GLBA) of 1999, and the more recent Federal Information Security Management Act (FISMA) and Sarbanes-Oxley Act (SOX) of 2002. Altogether, there exist over 4,000 acts and regulations that govern digital storage, all with a varying range of requirements for maintaining electronic records.

Storage systems vendors have quickly identified the large market opportunity and have modified existing systems and marketed them as compliance products. Sarbanes-Oxley compliance alone represents a market of over $5 billion [22]. Mostly, vendors add policy enhancements to existing storage platforms that aid in the maintenance and retention of data, such as forbidding data deletion. Current product offerings include EMC Centera Compliance Edition, HP Reference Information Storage Systems, and IBM Tivoli Security Compliance Manager.

Many of these products fail to meet the new demands legislation places on storage systems. Systems must now provide confidentiality through encrypted storage and data transmission. Some legislation requires an auditable trail of changes made to electronic records that is accessible in real time. This implies versioning files and providing a means of quickly retrieving versions from any point in time. Other legislation sets limits on the amount of time an organization may be liable for maintaining its electronic data, but for those data that go out of scope, permanently deleting data from magnetic media can be challenging.
Because electronic data is dynamic, and therefore easily malleable on disk, new methods for authentication and non-repudiation need to be developed to ensure a binding of an individual to an auditable trail of data changes. Further, these systems must be robust against both external and internal attacks. A data loss or compromise due to negligence may result in an organization falling out of compliance and becoming susceptible to litigation.

In this proposal we introduce some completed technical contributions to the field of regulatory compliant storage, and propose a set of goals pursuant to completing a Ph.D. We begin with a treatment of the ext3cow file system, an open-source versioning file system designed to be a platform for developing regulatory compliant storage technologies.
Similar resources
TOWARDS REGULATORY COMPLIANT STORAGE SYSTEMS by Zachary Nathaniel
Legislators have begun to recognize the importance of how electronically stored data should be maintained and secured. Similarly, the courts have begun to differentiate electronic data from their paper analogs. Examples of some sweeping electronic record management legislation include: the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the Gramm-Leach-Bliley Act (GLBA) of ...