Secure access to data on a storage system via direct connection to an internal fabric of the storage system may be provided. A storage system interface (SSI) may validate each I/O communication originating on the host system before allowing a corresponding I/O communication to be transmitted on the internal fabric. The validation may include applying predefined rules and/or ensuring that the I/O communication conforms to one or more technologies, e.g., NVMe. The SSI may be configured to encrypt I/O communications originating on a host system and to decrypt I/O communications received from the storage system, for example, in embodiments in which data is encrypted in flight from the host system to physical storage devices, and data may be encrypted at rest in memory of the storage system and/or on physical storage devices.