Addressing the root cause of insecurity is a must for securing a datacenter
The world has always been vulnerable and insecure. The primary reason for this insecurity can be narrowed down to the greed of human beings for power. The human race is still searching for the reason for its existence and is in a phase of understanding its purpose. Until that answer is found, mankind will continue to follow a pre-defined set of rules for so-called development. This rule of development, i.e. winning against another human, is really dangerous, and in this race to be better than other humans, poor data has become insecure.
Coming to the point of datacenter security, there are three types of challenges we need to look at:
* Protection against data loss.
* Protection of systems from unavailability.
* Protection of data from theft.
If a fire, flood or any other accident takes place in a datacenter, it can result in data loss and unavailability of services. If the same outcome is caused deliberately, it is called DoS (Denial of Service). The best method to address both of these potential threats is the adoption of a distributed system architecture. In a typical distributed architecture, the application and database are in separate layers and are distributed across multiple datacenters, with the traffic flow being handled by these multiple datacenters. Spreading data across multiple datacenters helps eliminate the risk of data loss in case of a mishap at one of the datacenter locations, as the latest copy of the data is available at another datacenter. Backups using object storage at multiple datacenters help in keeping data safe and intact. A CDN service is one of the best examples of this kind of solution.
The threat of data theft can originate from known sources, unknown sources, or both. The threat and impact from known sources is always greater than that from unknown sources, since the latter are not familiar with your organization or your data. Any potential threats arising from them can be guarded against using various security tools. Known sources, on the other hand, may have full information about your organization, your data and the importance of that data, and such attackers might therefore have an objective to cause damage.
The threats from known sources are primarily of two types: physical theft and remote theft of data. The probability of physical data theft in this era of cloud and distributed systems is negligible, and it is not a preferable approach for any intruder. Therefore the only focus should be on mitigating virtual/remote data theft. Remote data theft is usually carried out with the help of certain tools. Although the rivalry is often between humans, it is the tools which fight for humans. In the primitive era, humans used to fight without the support of any tools; over a period of time, man-made tools and weapons have taken up that role. Thankfully, there are many foolproof protection tools available these days in the virtual world too. Tools such as antivirus, anti-malware, anti-spamming, end point protection, application control change system, and encryption can be used in appropriate combinations to tackle such threats. It is a war of tools against tools.
Data theft is possible both for stored data and for data in transit, commonly known as data-at-rest and data-in-motion respectively. The solutions can differ based on the size of the organization: the combination of tools used to define the architecture of a small organization could differ from the ones required for large organizations. Various encryption technologies exist in the market today, and these can help in mitigating in-transit data security issues. End-to-end encryption, right from the end user up to the data storage, is the best choice. For stored data, medium and large organizations should ideally look at developing their own protocol for storing data or designing their own database system. When the system is completely enclosed and others have no information about the data representation or the meaning of data values, stealing the data carries no value. We all know there are many nations in the world that develop weapons, create fear in the world and then sell these weapons to other nations for protection. If this is possible with such huge nations, there is a possibility it may happen with security organizations too.
Datacenters should start adopting systems which are ‘inter communicable’ and are based on deep learning and artificial intelligence. For example, if someone has deployed a security architecture comprising anti-virus, database activity monitoring, NIDS, IPS, end point protection, application control system and SIEM, all these systems should have the intelligence to communicate with each other and pass on threat messages to each other, so that every protection system can act in time and close all possible doors to intruders. Continuous monitoring of all activities using SIEM and an application behavior monitoring system is important, as it can identify unusual activities and instantly notify the same.
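The threat-message sharing described above, sketched as an added example that is not part of the original article. The `ThreatMessage`, `Tool` and `ThreatBus` names, the 1 to 10 severity scale and the sample address (taken from the 203.0.113.0/24 documentation range) are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ThreatMessage:           # hypothetical message format
    source: str                # tool that observed the activity
    kind: str                  # indicator type, e.g. "ip" or "sha256"
    value: str
    severity: int              # assumed scale: 1 (low) .. 10 (critical)

@dataclass
class Tool:
    name: str
    kinds: set                 # indicator types this tool can enforce
    min_severity: int = 5      # per-tool threshold before it acts
    blocked: set = field(default_factory=set)

    def receive(self, msg):
        # Act only on indicators this tool can enforce and that are severe enough.
        if msg.kind in self.kinds and msg.severity >= self.min_severity:
            self.blocked.add((msg.kind, msg.value))

class ThreatBus:
    def __init__(self):
        self.tools = {}
        self.reporters = {}    # (kind, value) -> names of tools that reported it
        self.alerts = []       # SIEM-style escalations

    def register(self, tool):
        self.tools[tool.name] = tool

    def publish(self, msg):
        key = (msg.kind, msg.value)
        seen = self.reporters.setdefault(key, set())
        if msg.source in seen:
            return             # duplicate report from the same tool: ignore
        seen.add(msg.source)
        for tool in self.tools.values():
            if tool.name != msg.source:
                tool.receive(msg)      # every other tool gets the chance to act
        if len(seen) == 2:
            self.alerts.append(key)    # two independent tools agree: escalate once

def demo():
    bus = ThreatBus()
    for t in (Tool("ips", {"ip"}), Tool("endpoint", {"ip", "sha256"}),
              Tool("dam", {"ip"}, min_severity=8)):
        bus.register(t)
    # Constructed sample reports.
    bus.publish(ThreatMessage("ips", "ip", "203.0.113.7", 7))       # dam stays below threshold
    bus.publish(ThreatMessage("endpoint", "ip", "203.0.113.7", 9))  # second source, dam now acts
    bus.publish(ThreatMessage("ips", "ip", "203.0.113.7", 7))       # duplicate, dropped
    return bus
```

Tools never re-publish what they receive, so a shared indicator cannot loop between systems.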
The good news is that the tools do not require data; therefore, along with putting tools and protection systems in place, there is a dire need to work on the root cause of insecurity too.
Anil Chandaliya
Chief Innovation Officer.
ESDS Software Solution Pvt. Ltd.
Website: www.esds.co.in | Email: anil@esds.co.in