1 / 42

Are you Safe and Secure?

Are you Safe and Secure?. International Spectrum Conference 2008. Are you Safe and Secure?. Nick Kelly – Product Manager Mark Fuller – Support Manager. Introduction . Have you looked at the risks that impact on your business from Security Breaches Unauthorized access to data

johnniepayton
Télécharger la présentation

Are you Safe and Secure?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Are you Safe and Secure? International Spectrum Conference 2008

  2. Are you Safe and Secure? Nick Kelly – Product ManagerMark Fuller – Support Manager

  3. Introduction • Have you looked at the risks that impact on your business from • Security Breaches • Unauthorized access to data • Unauthorized update of data • Loss of Service • Hardware Failure • Planned administration • What is their effect? • What techniques can reduce the risk? • How can Northgate and Reality Help?

  4. Security Breach - Risks • Hardware theft • Bypassing Operating System Security • Bypassing Application security • Scanning file system • Media theft • Scanning backup media • Break into your Windows / Unix Systems • Possible direct data access • Staff misuse of data • Some staff need access to files, but not the content

  5. Security Breach - Impact • Incident Cost • Management time • Operational effort • Legal Compliance Issue • Breach of Data Protection Act • Fairly and lawfully processed • Processed for limited purposes • Adequate, relevant and not excessive • Accurate and up to date • Not kept for longer than is necessary • Processed in line with your rights • Secure • Breach of Contract? • Reputation • Negative press attention … seen as a ‘blunder’ • Are we a ‘safe pair of hands’?

  6. Security Breach - Examples Cost $500,000! ID theft concerns over Eden Project stolen laptop IT Pro UK – Fri, 15 Jun 2007 12:45  ...identity theft. The laptop was looked after by an employee of XXXXXX , a company the Cornish tourist attraction uses to handle its payroll .  Chancellor admits HMRC lost 25 million people's data Alistair Darling says taxman lost disks containing the detailed child benefit information of 25 million individuals Cost potentially billions! (Compensation up to $600 per record, total 15 billion (UK)

  7. Database Access Security Firewall Network User Authentication Development User User MultiValue Application MV Platform Operations User MultiValue Database Database Backups Data Security Hacker Server Security Methods

  8. Database Security

  9. Database Security • Is your Database secure? • Can you control access? • By user, location, time or type of connection? • Can you detect inappropriate access? • Do you know who is accessing your database and when?

  10. Database Security – Reducing the Risk • MV Account Based Security • All users share the same user name and password • Advantages • Simple to Administer • Disadvantages • Can’t identify individuals • Hard to Audit • Difficult to tell if the security has been compromised • Passwords are difficult to secure

  11. Database Security – Reducing the Risk • User Based Security • Each user has unique user name and password • Advantages • Simple to Administer • Can Identify the individuals • Auditable • Can change their passwords • You should be able control how often, length and password history • Disadvantages • Identities can be conveyed to others or commandeered by others

  12. Database Security – Reducing the Risk • Location Based Security • Extends User based security • Limit individuals to pre-defined locations • Individuals can have multiple security profiles • Dependent on their location • Disadvantages • Have to define acceptable locations

  13. Database Security – Reducing the Risk • Time Based Security • Extends User based security • Logins are restricted to defined time periods • Advantages • Tighter control of User based security • Pre-defines allowable login times per user • Disadvantages • Have to define acceptable time windows

  14. Database Security – Reducing the Risk • Server Based Security (linked to user based security) • Allows same user different access rights to different services (Telnet, Web, SQL) • Advantages over User based security • Server processes can have different security profile than associated user • Disadvantages • Have to define more access rights

  15. Database Security – Using Reality • Reality is used in security critical systems • Police, Government, Military • Supports • Account Security • User Security • Location based security • Time Based • Server Based

  16. Data Security

  17. Data Security • Is your Data secure? • Can you prevent un-authorized access to the information on your media? • Disk & Tape • Can you control access to the data? • You may want to give file access but not the ability to understand the data

  18. Data Security – Reducing the Risk • Staff Vetting prior to data access • Advantages • Security by trust • Disadvantages • Costly & time consuming • Not foolproof • Intrusive

  19. Data Security– Reducing the Risk • Encrypt any data leaving site • Advantages • Protects backups held off-site • Disadvantages • Managing the encryption keys

  20. Data Security– Reducing the Risk • Data stored in an encrypted form • Advantages • Protects data at source • Transparent to the application • Disadvantages • Possible performance implications • Need to manage the keys

  21. Data Security– Using Reality’s Data Encryption at Rest • What is it • Transparently encrypts the data written to your database and other media • Access Management • Defines who is allowed access to encrypted data • Secure Management of encryption keys • Advantages • Selectively limits access to sensitive data • Reduced Security Boundary

  22. Data at Rest Encryption Demo – (contact us for details…)

  23. Loss of Service

  24. Loss of Service - Impact • Incident Cost • Management time • Operational effort • Contractual SLA’s • Breach of Contract? • Reputation • Negative press attention … • Are we a ‘safe pair of hands’? • Loss of business • Companies that aren’t able to resume operations within 10 days of a disaster are not likely to survive’ (source: Strategic Research Institute, Jan 2002.). • ‘Problems with IT cost small and medium enterprises (SME’s) £100 billion in lost turnover each year according to the London Business School. Computer crashes are estimated to cause losses of £31 million each year.’

  25. Loss of Service - Causes • Loss of: • Data • Hardware • Network infrastructure • Site • Staff! • May lose key staff members • Planned Admin • Vendor Capabilities • Software Reliability • Support Services

  26. Loss of Service Sometimes the worst does happen … Northgate HQ, Boundary Way, Hemel Hempstead6 am 11 December 2005

  27. Loss of Service – Reducing the Risk • Business Continuity & Disaster Recovery Planning • Put a BCP & DR plan in place & above all test it! • Some things to consider • Emergency Management Team • names, numbers, meeting venues, con. call numbers • Business Recovery Actions • an ordered list of the actions to be taken by the EMT • Site Details • site plan, departments, services delivered, key suppliers, tenants • IT Recovery • the site's IT facilities, switchboard lines, DR arrangements for these • Office Space Recovery • teams on site, contacts, numbers, alternate office locations • Site Management • site protection, salvage, security and safety • Longer Term Recovery Actions • the task of returning to "business as normal" • Support Services • from HR, int/ext communications, finance, property & security

  28. Loss of Service – Reducing the Risk • Resilient Hardware • Duplicate key hardware components • Disk Mirroring • Redundant power supplies, processors etc. • Redundant Networks • Hot Swappable Components • Advantages • Quick recovery • Little Admin • Disadvantages • Can still cause the system to fail and need to be restored • Only protects individual machines

  29. Loss of Service – Reducing the Risk • Regular backups (Offsite!) • Backup key data to removable media Tape, Disk • Advantages • You do have a copy of your data • Can be kept offsite • Disadvantages • Media deteriorates over time • Slow! • Costly! • Only protects individual machines

  30. Loss of Service – Reducing the Risk • Resilient File System • Journaling file system, allows the file system and database to recover to the last completed transaction when the machine unrepentantly stops • Advantages • Recovery can be to last completed transaction • Can be very quick to recover • Disadvantages • Additional load on system • Relies on storage devices being intact

  31. Loss of Service – Reducing the Risk • Hot standby systems • Second machine is maintained as a near real-time copy of the live running system • Advantages • No loss of service • Disadvantages • Normally ‘closely coupled’ – Requires real time data link • Can still lose both systems • Additional hardware costs

  32. Loss of Service – Reducing the Risk • Remote Hot Standby systems • A remotely hosted machine is maintained as a near real-time copy of the live running system • Advantages • Data copied off-site at the end of each transaction • Off-site machine can be ready to run • Disadvantages • Dependant on external communications link • Requires a communications link which can handle the throughput of the system • Can be costly – depending on options taken

  33. Preventing Loss of Service – Reality Fast Backup and Recovery • Backup & Restore your Database at near Media Speed • Backup while the system is still in use • In practice ‘near media speed’ is estimated to be up to 30 times faster than the current logical backup. • Examples • MOD • from 4 days to 9 hours (500GB) • Wolseley • from 2 hours to six minutes (50GB)

  34. Preventing Loss of Service – Reality Rapid Recovery File System • Protects Database Across a System Failure • Ensures File System Integrity • Ensures All Operations Either Complete or Roll Back • Providing Database and Log Disks Survive • Reduces Time to Recover Operational System

  35. Shadow Database Heartbeat Transaction Logging Unprotected Database Failsafe Gateway Gateway Data Data Data Logs Logs Primary System Secondary System Heart Beat Automatic Switch Manual Switch Failsafe Manual Switch Shadow Hardware Replay Log Transaction Logging Hardware Data Restore Replay Log Unprotected Hardware Data Restore Re-key from last restore Service Restoration Time Preventing Loss of Service -Reality Resilience Options

  36. Reality Environment Remote standby system(s) Reality Environment Reality Environment Reality Failsafe Environment or Standalone System Preventing Loss of Service - Reality Automated DR • Maintains remote disaster recovery systems • Further extends resilience options to support: • Remote hot backup systems • Operation over slow or intermittent communication links • Sourced from one or more machines • Secured up to the last completed transaction

  37. Loss of Service – Planned Administration • Service availability can be effected by the need to perform • File Sizing • Typically this is done while systems are offline • Costly! • Regular Backups • Normally done while systems are offline • Some sites running out of night to perform backup • System Upgrades • Software Upgrades

  38. Preventing Loss of Service – Planned Administration – with Reality • File Sizing • Auto File Sizing • Automatically adjust file sizes, in real time as data grows, with minimal system overhead • Never need to resize a file again! • Backups • Fast Backup and Recovery • Software Upgrades • Typical Reality upgrade takes no more than 20 minutes • Failsafe enables a phased upgrade to take place • Backwards compatibility guaranteed

  39. Loss of Service – Vendor Services • Northgate • 24 x 7 x 365 World wide support on Reality • Rapid response times • Operations in 46 countries • Very Stable product • Less than 30 faults ever outstanding world wide • Reality sites who have not had a loss of service in over 20 years

  40. Conclusion • Plan in advance • Create Business Continuity & Disaster Recovery plans (NOW) • Be aware of the Risks • Security Breach • Loss of Service • Data, • Hardware, • Network infrastructure, • Site, • Staff!

  41. Conclusion • Deploy techniques to mitigate those risks • Security Methods • Database Security • Data Security • Protect Your Service • Resilient Hardware • Regular backups • Resilient File System • Hot standby systems • Remote Hot Standby systems • Move to Reality • Northgate and Reality have the tools to protect your business

  42. Conclusion

More Related