Given that ISO 27040 for storage security is about to land in the next year or so, where do people think the next big security impacts to storage are going to come from?
Interesting question because ISO/IEC 27040 covers both the pedantic storage security issues (e.g., LUN masking, zoning, media sanitization, encryption, etc.) as well as some of the more esoteric issues like secure multi-tenancy, secure autonomous data movement, and securing long-term archives. It's been written to remain relevant and useful for about a 5-year period of time, which is the normal refresh cycle for ISO/IEC JTC 1 standards.
With that said, I think some of the biggest impacts are going to be privacy driven. The new EU Data Protection Rules are likely to force significant changes in the way data is stored and handled (location becomes potentially more important) as well as changing the dynamics associated with data breaches. The storage industry (vendors and customers alike) really hasn't had to pay much attention to data breaches, but the new definitions include things like data corruptions and destructions, which makes the storage industry a player. We're already seeing some similar trends with U.S. healthcare changes (specifically HIPAA/HITECH).
Virtualization, cloud computing, and big data are all emerging areas that will probably have an impact on storage security. Using cloud as an example, there will be a definite need to be able to move data in and out of certain cloud service providers; this implies certain standardization (e.g., SNIA's CDMI), but it also means there is a need to work to secure "containerized" data (possibly along the lines of SNIA's SIRF).