Defending the data center – just as in times past, multiple layers of defense come at a premium, but they withstood hostile attacks for centuries. NonStop comes standard with good defenses, and deploying NonStop? That’s a great place to start!
At a time when there is so much debate over the primary attributes of servers being deployed within a data center, it’s hard to imagine security being far from the minds of any CIO. Indeed, when the LinkedIn group Mission Critical Systems Forum (facilitated by Oracle) saw a discussion start with the question “In one sentence, what do you think is the most important element when it comes to designing a new data centre?”, many of the responses focused on security.
Very quickly, we saw comments like “Security and data privacy”, “Uncompromised security that doesn’t slow down or come in way of genuine business needs”, “Business Continuity, security, Green, Less power consumption, more space, efficiencies, geographically stable” and even “How do we keep NSA and their partners out?” What stood out for me, beyond uncompromised security, geographic stability, and keeping the NSA from operating inside our perimeters, was the number of times system security percolated to the top whenever a list of attributes was given – not always the number one item, but on the whole, pretty close.
Hidden in the responses was language better suited to warfare, including attacks, defenses, and even fortresses. When it comes to the most important element of a new data center, erecting it within a castle comes to mind. And for good reason, as barely a week goes by without a government agency, a bank or retailer, or even a university acknowledging the loss of information, as was the case this week with the University of Maryland reporting a massive breach, including the theft of social security numbers (SSNs).
In a post to the NonStop community blog, Real Time View, I look at many of the comments made in this discussion, so I am not about to repeat myself – check out the post “So much to read!” for more of what I had to say on this topic. Suffice to say, the topic of securing the data center is generating a lot of discussion. It is therefore only natural to think of the contribution NonStop can make and to look at the responses coming from the middleware vendors active in security, not the least among them being, of course, comForte.
Where comForte has focused its attention is on support “of the underlying security infrastructure on NonStop, making sure that data in transit and at rest is protected”, explained comForte CTO Thomas Burg in a recent email exchange. “comForte also provides a product that tokenizes Primary Account Number (PAN) data, with its SecurData offering,” added Burg, but in general, “we work to ensure PANs anywhere they come to rest are rendered unreadable as a last line of defence should data centre breaches occur.”
For the BASE24 community concerned about being truly PCI “compliant”, comForte provides a multipart YouTube Whiteboard Session featuring comForte’s Chief Architect, Michael Horst. Should you need to better understand the importance of PCI compliance and where comForte products can be used, in particular how comForte can intercept and then tokenize PANs, this is a must-view session. In introducing the subject, comForte lays out in simple language some of the basic principles of securing data at rest, and the value of NonStop quickly becomes apparent.
Like an onion, where peeling away one layer only exposes another, security is inherently a multi-layered defence. In medieval times, castles were constructed to ensure the safety of the nobles who occupied them. Built atop a hill with good visibility in all directions, these castle fortresses provided centuries of protection. With a perimeter moat abutting thick high walls and towers, often with a second wall erected closer to the premises (and wide enough to allow cavalry to circulate), an attempt to penetrate any level could be readily detected and defensive actions initiated.
Defences of modern data centers are constructed in much the same manner. A company’s clients and business partners access its data centers via networks, including the Internet, so the first line of defense will always involve network and perimeter security, a defense that would-be attackers must first find a way past. These would-be attackers then encounter anti-virus software that they would need to overcome before they could infect a system with malware. For any malware to reach files and databases, it would also need the right level of access authority to pull information from a database, and even then it remains at the mercy of monitoring software that has most likely been configured with thresholds triggered by abnormal activity.
At the center of the multi-layered “onion” is the core; for the data center, this is where personal information lives, and it should always be encrypted, with the encryption keys managed so that they are inaccessible to operations and application programming staff. On paper it all looks straightforward; unfortunately, there are just too many production systems written long before their capabilities were externalized as services, accessed from the internet, and holding data in the clear. This necessitates security software at each layer as it is traversed.
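As an added illustration of the two ideas above, PANs tokenized so that what comes to rest in the application tier is unreadable, and key custody kept away from operations and application staff, here is a constructed Python token vault. It is example code written for this post, not comForte’s SecurData or any NonStop product, and its token layout (BIN and last four kept, middle randomized, Luhn deliberately failing so a token can never pass as a card number) is an assumption of the example rather than a description of any vendor’s scheme.

```python
import hashlib
import hmac
import secrets


def luhn_valid(pan: str) -> bool:
    """Luhn mod-10 check that every real card number passes."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Constructed toy vault (not a vendor product). It alone holds the
    token-to-PAN mapping and the lookup key; the application tier stores
    tokens only, so a breach of the application database yields no PANs."""

    def __init__(self, lookup_key: bytes):
        self._key = lookup_key          # custody stays with the vault, not app staff
        self._pan_by_token = {}
        self._token_by_mac = {}         # HMAC(PAN) -> token: same PAN, same token

    def _mac(self, pan: str) -> str:
        # Keyed digest so the dedup index itself never reveals the PAN
        return hmac.new(self._key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a well-formed PAN")
        mac = self._mac(pan)
        if mac in self._token_by_mac:
            return self._token_by_mac[mac]
        while True:
            # Keep BIN (first 6) and last 4 for routing/display; randomize the rest.
            middle = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 10))
            token = pan[:6] + middle + pan[-4:]
            # A token that fails Luhn cannot be mistaken for, or used as, a real PAN.
            if not luhn_valid(token) and token not in self._pan_by_token:
                break
        self._pan_by_token[token] = pan
        self._token_by_mac[mac] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only callers authorized to the vault ever see the PAN again."""
        return self._pan_by_token[token]
```

The application stores and displays the token; only a separately authorized call into the vault recovers the PAN.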
For the NonStop community, there has been inbuilt protection supplied at nearly every level. The long history of being the go-to platform for banks, retailers, and even stock exchanges has given NonStop developers years of exposure to where defenses need to be mounted. In partnership with middleware vendors, even as the complexity of NonStop systems has grown, there are products available at every level – protecting each and every layer unwanted attackers would encounter. In an aspect of business akin to warfare, NonStop may not be the only path to data, but should a business elect to deploy NonStop between the network and the data, a level of unsurpassed securability can be achieved.
Most of us will not have the opportunity to build a new data center, and many of us will differ as to which elements of a data center design matter most. However, this doesn’t stop us seeking out weaknesses and making sure we can see what’s coming, that our watchtowers are manned, and our drawbridges are raised. As history has taught us, the arrival of gunpowder made these medieval defenses obsolete overnight – are we about to suffer the same fate? Will our fortress protect us from what surely is coming next?