The last bullet item (trust inspections) is closely related to the topic of underwriting. In this post I'd like to highlight the role that trust taxonomies will play as the industry moves in the direction of data set underwriting and/or cyber-insurance.

My general thesis has been as follows: insurers need a straightforward and auditable way to evaluate the data protection levels of individual data sets. This approach would be greatly facilitated by a complete, thorough, and industry-standard taxonomy for describing trusted infrastructure capabilities.

My colleague Nikhil Sharma has already written about an emerging trust taxonomy that is taking shape within EMC, and I've re-posted this taxonomy via the diagram below.

This diagram highlights that a trusted infrastructure goes beyond the definitions of security, availability, and recovery. In particular, the data insurance and trust inspection use case will require a high level of transparency in the form of (a) assessing the infrastructure, (b) creating ongoing reports about data protection, and (c) disclosing current and previous levels of protection at a moment's notice.

Nikhil closes his article by stating the following: "Trusted Infrastructure will need an open abstraction layer, Trust APIs, for use in higher level stacks like Hypervisor or Cloud OS."

I certainly agree with this statement. However, the higher-level abstraction layer requires lower-level standardized trust transparency as well (e.g. storage, network, server, etc.). In an upcoming post I will discuss the need for adding this robust trust taxonomy into a software-defined storage layer.

Steve

EMC Fellow
