iSCSI (eye-scuzzee), developed at IBM in the late 90's, is the preferred protocol for interacting with SAN devices. iSCSI works on a client/server model where the client (called the initiator) connects to the server (called the target) over any type of IP network and communicate as if the target were a locally mounted disk. This is advantageous to the initiator because, for all it cares, the SAN appears as a standard disk drive. iSCSI can also be run through any IP network so location is not a factor when deploying your SANs and servers--only link speed.

iSCSI also provides suitable authentication methods to ensure data integrity and confidentiality. iSCSI supports the CHAP (Challenge-Handshake Authentication Protocol) protocol, also known as the "three-way handshake", to authenticate initiators. Initiators can also be specifically mapped to drives in the iSCSI device. IPSec can run on top of the iSCSI protocol to protect the TCP packets transmitted throughout the network. iSCSI devices can also be run on a dedicated link to the servers thereby allowing for the servers (VMware ESX/Linux/Solaris/Windows/OS X/FreeBSD/etc) to manage access to the data. With these authentication measures, iSCSI is easily adaptable to the Sarbox legislation, HIPAA, and PCI DSS standards because of its ability to ensure that storage resources assigned to one entity cannot be accessed by other entities.