Month: September 2017

Data Security – lessons from Equifax and HBO

Data Security
Image courtesy of David Castillo Dominici at FreeDigitalPhotos.net

You can ask Equifax, Ashley Madison, or HBO how data security worked out for them.

With the latest high-profile attacks at large companies that hold customer data, anyone who stores sensitive information within their computer systems should take a look at their data security policies.  While this article won’t help you develop a detailed data security plan, I hope that it will start to explain several of the things that you should know and address.

For starters, let’s talk nomenclature.  Digital data has three states: data-in-use, data-in-motion, and data-at-rest.  The states themselves are agreed upon, although what each encompasses is often debated.  Addressing all three will cover all of your data and your potential data exposure.

Data-in-use

Data-in-use is data that resides in a processing device (like your computer) and is actively held in memory.  Most of the security risks with data-in-use arise when people have physical access to the computers that are using this data, when systems are behind on updates or malware protection, or when network accounts and security are lax.

Solutions to these issues are fairly straightforward.  Keep computing resources physically secure.  Make sure anti-virus and anti-malware software is up to date.  When operating system and application updates and patches come out, install them.  Good systems administration is also key.  Keep user accounts secure.  Disable or delete old or unused accounts.  Educate users to recognize potential data leaks due to poor security practices.  Limit access to data to only trusted resources using mechanisms like CHAP or ACLs.  Keep tight control over other means of access like vendor portals and outside APIs that you may use.
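One way to act on the "disable or delete old or unused accounts" advice is to review an account export on a schedule.  The script below is an added example, not part of the original article; the CSV columns, the account names and the 90-day and 30-day idle limits are all assumptions made for illustration.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export (not real data). Columns are assumed:
# username, enabled flag, last login date (empty = never), account type.
SAMPLE_EXPORT = """username,enabled,last_login,type
alice,true,2017-09-18,employee
bob,true,2017-03-02,employee
svc_backup,true,,service
vendor_hvac,true,2016-11-30,vendor
carol,false,2016-01-15,employee
dave,true,2017-08-01,employee
"""


def audit_accounts(export_text, today, max_idle_days=90, vendor_idle_days=30):
    """Return (username, reason) for every enabled account that needs review.

    The idle limits are assumed policy values; vendor accounts get a
    tighter limit because they are an outside means of access.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled, nothing left to do
        last = row["last_login"].strip()
        if not last:
            # Enabled but never used: a forgotten or default account.
            findings.append((row["username"], "enabled but never logged in"))
            continue
        idle = (today - datetime.strptime(last, "%Y-%m-%d").date()).days
        limit = vendor_idle_days if row["type"] == "vendor" else max_idle_days
        if idle > limit:
            findings.append((row["username"], f"idle {idle} days (limit {limit})"))
    return findings


if __name__ == "__main__":
    for user, reason in audit_accounts(SAMPLE_EXPORT, date(2017, 9, 25)):
        print(f"REVIEW {user}: {reason}")
```

Accounts that are already disabled are skipped; deciding whether to delete them is a separate retention question.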

Data-in-motion

Data that is moving from storage to processing is considered data-in-motion.  This usually means the WAN or network that your data traverses on its journey between at-rest and in-use.  This also includes transport in the cloud, where data may be moving over very public networks on its way between in-use and at-rest.

The most common way to defend against data-in-motion snooping is to encrypt data.  Always encrypt data-in-motion.  Always.  Many vendors provide virtual private network (VPN) solutions, or WAN acceleration appliances that include encryption as part of the package.  This is traditionally for WAN usage and encrypts the entire communications channel.  There are also solutions for local LAN traffic.  Check out IPsec if you haven’t already.  It may also be worth your while to consider encrypting your data itself, not just the traffic tunnels.  This will become expensive, either in real dollars or in computation, so it may not be a fit for your organization.

Limiting physical access to your network is also a must.  Keep your networking gear behind locked doors, and secure any wireless access.  Again, this is all basic Network Security 101.

Data-at-rest

Data that is stored on a device but is not actively being used is considered data-at-rest.  This usually means disk, appliance, tape or other removable device.  Yes, thumb drives and CDs are included in data security plans.  Data security plans often overlook backups and backup media, too.

Securing data at rest is again all about physical security and encryption.  Physically secure your storage appliances and tapes and you have solved 90% of the issues with data-at-rest security.  If no one can get to your data, then no one can steal your data.  For data encryption there are also solutions.  There are software applications that will encrypt data, and several operating system vendors have included this functionality in their OSes.  This does tend to slow systems down.

Appliances are also a solution to encrypting data.  There are speciality manufacturers whose appliances sit in between storage media and computing resources and encrypt data “on the fly”.  These tend to be a bit expensive and are for speciality applications.

Seagate makes a Self-Encrypting Disk (SED).  Special chipsets encrypt everything written or read from this disk.  This disk tends to be a bit slower than traditional disk (figure a 10% penalty on reads and writes), but is a nice solution for those clients that may be trying to meet data security standards.  The disk does not store encryption keys.  Therefore, taking disks does not compromise data.  But for heaven’s sake DO NOT FORGET OR LOSE YOUR KEYS.

Summarizing Data Security

In this article, we have discussed data security.  A data security plan must consider each state of data separately.  Security measures may span more than one state, but remember they are implemented differently depending on state.  This article is an introduction to basic data security.  It is not all encompassing.  We have only scratched the surface.  Read up, work with your in-house security people, or engage competent data security consultants to get the best security that you can.  Your data may not include government officials looking to “hook-up”, or the spoilers for next season’s Game of Thrones, but you never know.

The case for HCI – a user survey review

Computer survey
Image courtesy of Master isolated images at FreeDigitalPhotos.net

I recently had the opportunity to review some information collected by TechValidate on an HCI vendor, Scale Computing. Now, for full disclosure, AR Consultant Group is a partner of Scale Computing.  Scale Computing makes an HCI product marketed under the product family of HC3.  Even so, data collected by TechValidate is pertinent to HCI solutions across the board.  After reviewing the data and how it was presented, I found it not only easy to research, but a great way to show potential customers and even those mildly curious the advantages of HCI.

Many are not familiar with HCI, or HyperConverged Infrastructure.  It is the combination of compute resources, storage, and hypervisor without the licensing costs in a single preconfigured package.  Certainly, there are other things that vendors add in order to differentiate themselves, but these three are standard within the hyperconverged solution set.  In this particular instance, Scale Computing targets the SMB community, those businesses with between 100 and 500 employees and 1 to 5 IT staff.

The Data

First and foremost, the data bowled me over.  Not the actual data itself, but the method with which the data is presented.  If you haven’t seen the TechValidate package, then you certainly should.  It is a great way to present data and customer opinions.  TechValidate surveyed customers after purchase on what product advantages they found and other traditional data points.  They then presented this data using real-life Scale customers.  The company profiles also back the data up.  Seems like an innovative way to proactively publish data that allows customers and prospective clients to investigate specific data points that interest them – from people that are actually using the product.

The Results

The graphs provided by TechValidate center around challenges that are solved by the Scale HC3 solution.  Also charted are what benefits the customer perceives from a hyperconverged solution.  First, let’s examine the Operational Challenges data.

Operational Challenges Solved by HCI

Operational Challenges solved by hyperconverged technologies from Scale fell primarily into two categories – improvement of processes and reduction of cost or complexity.

The improvement of process challenges appear to revolve around the benefits of virtualization in a preconfigured clustered setup.  By handling the hardware and software clustering aspects of virtualization through hyperconvergence, these solutions allow for hassle-free increases in customer processes.  Server hardware clustering and failover, failover of other infrastructure aspects, and disaster recovery all became much simpler.  In other words, the manufacturer made these benefits easy to implement for customer business.

Customer Content verified by TechValidate.


Reducing the cost and complexity of hyperconverged solutions lets customers pay less than they would purchasing everything separately.  It also reduces the time spent administering all the systems separately, and it reduces the complexity of support through having a single vendor support contract.

By making the IT function more efficient and getting more value for the budget, this survey addresses many of the main concerns of staff and management of the SMB.

Biggest Benefit from Scale Computing HCI

A follow-up survey asked customers of Scale Computing about the actual business benefits they found from implementing HC3.  Again, these fell into two basic categories – Ease of use and improvement to the information technology environment.

Customer References verified by TechValidate.


Ease of use is the largest benefit by a large margin.  Making the product easy to use increases the interest from customers: “Hey, this will work for me”.  It also shows a benefit to the customer.  Now that it is “easier” to do tasks, it cuts down on my after-hours/weekend work.  In addition, it gives me the time to pursue other projects.  It is also easier to train new staff on how to support the system.  Believe me, coming from a guy who carried a weekend pager and supported physical servers, these are huge benefits.

Improvement of environment encompasses many different benefits that customers found.  Benefits included improved reliability, scalability, and high availability of business critical workloads.  While these benefits are available to any company, the ability of a single product to bring all these benefits together is a game changer.  It is now possible to get these benefits from a single package that works in your environment, with a minimum of stress.  It is also expandable and less expensive than doing it a la carte.

The Feedback

It is refreshing to see actual verifiable customer feedback from a third party, not marketing slicks: data that extols the value of both HCI and Scale Computing’s implementation of HCI.  This customer feedback is available in a condensed form, with the ability to dive deeper into the data, so potential customers can research their industry, geographical location, and company size.  These are real world data points from customers, not a marketing department.