Abstract: Techniques for providing a framework that quantifies security in DevOps deployments. The framework includes receiving parameters pertaining to specified factors relevant to security in multiple stages of a DevOps deployment, generating measurement values of the received parameters, calculating a score indicative of an overall level of security in the DevOps deployment based on an aggregation of the measurement values, and, in response to a comparison result of the calculated score against a predetermined threshold, detecting and identifying at least one security gap in the DevOps deployment. In this way, the detection and identification of potential gaps in DevOps security can be made earlier (or “shifted left”), allowing them to be addressed and/or mitigated with reduced DevOps downtime or failure.

Abstract: A method, computer program product, and computing system for receiving a re-initialization operation request for a storage array, the storage array including a plurality of self-encrypting drives. A reversion state may be determined for each self-encrypting drive of the plurality of self-encrypting drives. In response to determining that at least one self-encrypting drive is in an unreverted state, at least one predefined reversion key for reverting the at least one self-encrypting drive from a predefined area of the storage array may be accessed. Each self-encrypting drive of the plurality of self-encrypting drives in the unreverted state may be reverted to a reverted state using the at least one predefined reversion key.

Abstract: A method, computer program product, and computing system for receiving a re-initialization operation request for a storage array, the storage array including a plurality of self-encrypting drives. A reversion state may be determined for each self-encrypting drive of the plurality of self-encrypting drives. In response to determining that at least one self-encrypting drive is in an unreverted state, at least one predefined reversion key for reverting the at least one self-encrypting drive from a predefined area of the storage array may be accessed. Each self-encrypting drive of the plurality of self-encrypting drives in the unreverted state may be reverted to a reverted state using the at least one predefined reversion key.

Abstract: Techniques for providing a framework that quantifies security in DevOps deployments. The framework includes receiving parameters pertaining to specified factors relevant to security in multiple stages of a DevOps deployment, generating measurement values of the received parameters, calculating a score indicative of an overall level of security in the DevOps deployment based on an aggregation of the measurement values, and, in response to a comparison result of the calculated score against a predetermined threshold, detecting and identifying at least one security gap in the DevOps deployment. In this way, the detection and identification of potential gaps in DevOps security can be made earlier (or “shifted left”), allowing them to be addressed and/or mitigated with reduced DevOps downtime or failure.

Abstract: Digital certificates for a set of multiple network services are maintained in a certificate store and managed through a single access point that provides access to the certificate store. The certificates are managed, at least in part by i) assigning one or more tags to each digital certificate in the set of digital certificates, one of the tags indicating a service in the set of services that uses the digital certificate to perform secure communications over the communication network, and ii) performing a set of certificate management operations through the single access point to the certificate store. At least one of the certificate management operations performed through the single access point selects a subset of the digital certificates from the set of digital certificates based at least in part on the tags assigned to the digital certificates.

Abstract: Techniques provide for persistently storing state information regarding configuration requirements, such as STIG (Security Technical Implementation Guides) requirements. The state information may indicate whether all or one or more selected categories of requirements are enabled. The state information may be persistently stored and applied or hardened across multiple processor nodes as well as across system upgrades.

Abstract: The techniques presented herein provide managing embedded and external key management systems in a data storage system. An embedded encryption key management system is selected. A first unique signature is generated using a time parameter and a randomly generated value. A backup copy of the lockbox is created, wherein access to the backup copy of the lockbox requires providing a minimum number of unique data storage system values. The encryption key management system is switched to external. A second unique signature is generated for use with the local lockbox, wherein the signature generated using a time parameter and a randomly generated value. The encryption key management system is switched back to embedded and a third unique signature is generated for use with the local lockbox, wherein the signature is generated using a time parameter and a randomly generated value.

Abstract: A technique supplies a high security password. The technique involves receiving, by processing circuitry, a series of randomly generated values from random number generator circuitry. The technique further involves deriving, by the processing circuitry, an initial character string from the series of randomly generated values, each character of the initial character string being an element of a first collection of characters which includes lowercase letters and numbers. The technique further involves providing, by the processing circuitry and as the high security password, a modified character string based on (i) the initial character string and (ii) inclusion of at least one element of a second collection of characters which is mutually exclusive of the first collection of characters.

Abstract: Improved clustered storage systems make use of a software toggle switch stored in a shared persistent configuration database, which allows a peer node to be rebooted into a FIPS 140 mode defined by the switch and then to take over as master while the original master node reboots into the new FIPS 140 mode as defined by the switch. Advantageously, system availability is maintained as the nodes are rebooted sequentially while a master is always available. The persistent switch allows for synchronization, while also allowing persistence of state even in the event of a system crash.