Transcript MS PowerPoint

Are you Safe and Secure?
International Spectrum Conference 2008
Are you Safe and Secure?
Nick Kelly – Product Manager
Mark Fuller – Support Manager
Introduction
•
•
•
•
Slide 3
Have you looked at the risks that impact on your business from
►
Security Breaches
► Unauthorized access to data
► Unauthorized update of data
►
Loss of Service
► Hardware Failure
► Planned administration
What is their effect?
What techniques can reduce the risk?
How can Northgate and Reality Help?
Security Breach - Risks
Slide 4
•
Hardware theft
►
Bypassing Operating System Security
►
Bypassing Application security
►
Scanning file system
•
Media theft
►
Scanning backup media
•
Break into your Windows / Unix Systems
►
Possible direct data access
•
Staff misuse of data
►
Some staff need access to files, but not the content
Security Breach - Impact
•
Incident Cost
►
►
•
Management time
Operational effort
Legal Compliance Issue
►
Breach of Data Protection Act
►
►
►
►
►
►
►
►
•
Breach of Contract?
Reputation
►
►
Slide 5
Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Accurate and up to date
Not kept for longer than is necessary
Processed in line with your rights
Secure
Negative press attention … seen as a ‘blunder’
Are we a ‘safe pair of hands’?
Security Breach - Examples
Cost
$500,000!
ID theft concerns over Eden Project stolen laptop
IT Pro UK – Fri, 15 Jun 2007 12:45
...identity theft. The laptop was looked after by an employee of XXXXXX , a
company the Cornish tourist attraction uses to handle its payroll .
Chancellor admits HMRC lost 25 million people's data
Alistair Darling says taxman lost disks containing the detailed child benefit
information of 25 million individuals
Cost potentially billions!
(Compensation up to
$600 per record, total 15
billion (UK)
Slide 6
Security Methods
Database
Access
Security
Firewall
Network
User
Authentication
Development User
MultiValue
Application
Operations User
Database
Backups
MV Platform
MultiValue
Database
Server
Slide 7
User
Data Hacker
Security
Database Security
Slide 8
Database Security
•
Is your Database secure?
►
Can you control access?
►
►
►
Slide 9
By user, location, time or type of connection?
Can you detect inappropriate access?
Do you know who is accessing your database and when?
Database Security – Reducing the Risk
•
MV Account Based Security
►
All users share the same user
name and password
►
►
Slide 10
Advantages
► Simple to Administer
Disadvantages
► Can’t identify individuals
► Hard to Audit
► Difficult to tell if the security has been compromised
► Passwords are difficult to secure
Database Security – Reducing the Risk
•
User Based Security
►
Each user has unique user name
and password
►
►
Slide 11
Advantages
► Simple to Administer
► Can Identify the individuals
► Auditable
► Can change their passwords
► You should be able control how often, length and password
history
Disadvantages
► Identities can be conveyed to others or commandeered by others
Database Security – Reducing the Risk
•
Location Based Security
►
Extends User based security
►
►
►
Disadvantages
►
Slide 12
Limit individuals to pre-defined locations
Individuals can have multiple security profiles
► Dependent on their location
Have to define acceptable locations
Database Security – Reducing the Risk
•
Time Based Security
►
Extends User based security
►
Logins are restricted to defined time periods
►
Advantages
►
►
Disadvantages
►
Slide 13
Tighter control of User based security
► Pre-defines allowable login times per user
Have to define acceptable time windows
Database Security – Reducing the Risk
•
Server Based Security (linked to user based security)
►
Allows same user different access rights to different services
(Telnet, Web, SQL)
►
►
Slide 14
Advantages over User based security
► Server processes can have different security profile than
associated user
Disadvantages
► Have to define more access rights
Database Security – Using Reality
•
Reality is used in security critical systems
►
Police, Government, Military
►
Supports
►
►
►
►
►
Slide 15
Account Security
User Security
Location based security
Time Based
Server Based
Data Security
Slide 16
Data Security
•
Is your Data secure?
►
Can you prevent un-authorized access to the information on
your media?
►
►
Can you control access to the data?
►
Slide 17
Disk & Tape
You may want to give file access but not the ability to understand
the data
Data Security – Reducing the Risk
•
Staff Vetting prior to data access
►
Advantages
►
►
Disadvantages
►
►
►
Slide 18
Security by trust
Costly & time consuming
Not foolproof
Intrusive
Data Security– Reducing the Risk
•
Encrypt any data leaving site
►
Advantages
►
►
Disadvantages
►
Slide 19
Protects backups held off-site
Managing the encryption keys
Data Security– Reducing the Risk
•
Data stored in an encrypted form
►
Advantages
►
►
►
Disadvantages
►
►
Slide 20
Protects data at source
Transparent to the application
Possible performance implications
Need to manage the keys
Data Security–
•
What is it
►
Transparently encrypts the data written to your database and
other media
►
Access Management
►
Slide 21
Defines who is allowed access to encrypted data
Secure Management of encryption keys
Advantages
►
Selectively limits access to sensitive data
►
Reduced Security Boundary
►
•
Using Reality’s Data Encryption at
Rest
Data at Rest Encryption
Demo – (contact us for details…)
Loss of Service
Slide 23
Loss of Service - Impact
•
Incident Cost
►
►
•
Contractual SLA’s
►
•
►
Negative press attention …
Are we a ‘safe pair of hands’?
Loss of business
►
►
Slide 24
Breach of Contract?
Reputation
►
•
Management time
Operational effort
Companies that aren’t able to resume operations within 10 days of a
disaster are not likely to survive’ (source: Strategic Research Institute, Jan
2002.).
‘Problems with IT cost small and medium enterprises (SME’s) £100 billion in
lost turnover each year according to the London Business School. Computer
crashes are estimated to cause losses of £31 million each year.’
Loss of Service - Causes
•
Loss of:
►
Data
►
Hardware
►
Network infrastructure
►
Site
►
Staff!
►
•
Slide 25
May lose key staff members
Planned Admin
►
Vendor Capabilities
►
Software Reliability
►
Support Services
Loss of Service
Sometimes the worst does happen …
Northgate HQ, Boundary Way, Hemel Hempstead
6 am 11 December 2005
Slide 26
Loss of Service – Reducing the Risk
•
•
•
Business Continuity & Disaster Recovery Planning
Put a BCP & DR plan in place & above all test it!
Some things to consider
►
Emergency Management Team
►
►
Business Recovery Actions
►
►
the task of returning to "business as normal"
Support Services
►
Slide 27
site protection, salvage, security and safety
Longer Term Recovery Actions
►
►
teams on site, contacts, numbers, alternate office locations
Site Management
►
►
the site's IT facilities, switchboard lines, DR arrangements for these
Office Space Recovery
►
►
site plan, departments, services delivered, key suppliers, tenants
IT Recovery
►
►
an ordered list of the actions to be taken by the EMT
Site Details
►
►
names, numbers, meeting venues, con. call numbers
from HR, int/ext communications, finance, property & security
Loss of Service – Reducing the Risk
•
Resilient Hardware
►
Duplicate key hardware components
►
►
►
►
►
Advantages
►
►
►
Quick recovery
Little Admin
Disadvantages
►
►
Slide 28
Disk Mirroring
Redundant power supplies, processors etc.
Redundant Networks
Hot Swappable Components
Can still cause the system to fail and need to be restored
Only protects individual machines
Loss of Service – Reducing the Risk
•
Regular backups (Offsite!)
►
Backup key data to removable media
Tape, Disk
►
Advantages
►
►
►
Disadvantages
►
►
►
►
Slide 29
You do have a copy of your data
Can be kept offsite
Media deteriorates over time
Slow!
Costly!
Only protects individual machines
Loss of Service – Reducing the Risk
►
Resilient File System
►
►
►
Slide 30
Journaling file system, allows the file system and database to
recover to the last completed transaction when the machine
unrepentantly stops
Advantages
► Recovery can be to last completed transaction
► Can be very quick to recover
Disadvantages
► Additional load on system
► Relies on storage devices being intact
Loss of Service – Reducing the Risk
►
Hot standby systems
►
►
►
Slide 31
Second machine is maintained
as a near real-time copy of the
live running system
Advantages
► No loss of service
Disadvantages
► Normally ‘closely coupled’ – Requires real time data link
► Can still lose both systems
► Additional hardware costs
Loss of Service – Reducing the Risk
►
Remote Hot Standby systems
►
►
►
Slide 32
A remotely hosted machine is maintained as a near real-time copy
of the live running system
Advantages
► Data copied off-site at the end of each transaction
► Off-site machine can be ready to run
Disadvantages
► Dependant on external communications link
► Requires a communications link which can handle the throughput
of the system
► Can be costly – depending on options taken
Preventing Loss of Service – Reality Fast Backup and
Recovery
•
Backup & Restore your Database at near Media Speed
►
Backup while the system is still in use
►
In practice ‘near media speed’ is estimated to be up to 30
times faster than the current logical backup.
►
Examples
►
►
Slide 34
MOD
► from 4 days to 9 hours (500GB)
Wolseley
► from 2 hours to six minutes (50GB)
Preventing Loss of Service – Reality Rapid Recovery
File System
•
•
•
Slide 35
Protects Database Across a System Failure
Ensures File System Integrity
►
Ensures All Operations Either Complete or Roll Back
►
Providing Database and Log Disks Survive
Reduces Time to Recover Operational System
Preventing Loss of Service -Reality
Resilience Options
Gateway
Data
Data
Unprotected
Database
Shadow
Heartbeat
Failsafe
Transaction
Database
Logging
Gateway
Logs
Logs
Primary System
Data
Secondary System
Heart Beat
Automatic Switch
Manual Switch
Failsafe
Manual Switch
Shadow
Hardware
Transaction Logging
Hardware
Data Restore
Replay Log
Hardware
Data Restore
Re-key from last restore
Unprotected
Replay Log
Service Restoration Time
Slide 36
Preventing Loss of Service - Reality Automated DR
•
Maintains remote disaster recovery systems
►
Further extends resilience options to support:
►
►
►
►
Reality Environment
Remote hot backup systems
Operation over slow or intermittent communication links Remote
standby
Sourced from one or more machines
system(s)
Secured up to the last completed transaction
Reality Environment
Reality Environment
Reality Failsafe Environment or Standalone System
Slide 37
Loss of Service – Planned Administration
•
Service availability can be effected by the need to perform
►
File Sizing
►
►
Regular Backups
►
►
►
Slide 38
Typically this is done while systems are offline
► Costly!
Normally done while systems are offline
► Some sites running out of night to perform backup
System Upgrades
Software Upgrades
Preventing Loss of Service – Planned Administration –
with Reality
•
File Sizing
►
Auto File Sizing
►
►
•
•
Backups
►
Fast Backup and Recovery
Software Upgrades
►
Typical Reality upgrade takes no more than 20 minutes
►
►
Slide 39
Automatically adjust file sizes, in real time as data grows, with
minimal system overhead
Never need to resize a file again!
Failsafe enables a phased upgrade to take place
Backwards compatibility guaranteed
Loss of Service – Vendor Services
•
Northgate
►
24 x 7 x 365 World wide support on Reality
►
►
►
Operations in 46 countries
Very Stable product
►
►
Slide 40
Rapid response times
Less than 30 faults ever outstanding world wide
Reality sites who have not had a loss of service in over 20 years
Conclusion
•
Plan in advance
►
Create Business Continuity & Disaster Recovery plans
(NOW)
•
Slide 41
Be aware of the Risks
►
Security Breach
►
Loss of Service
► Data,
► Hardware,
► Network infrastructure,
► Site,
► Staff!
Conclusion
•
Deploy techniques to mitigate those risks
►
Security Methods
►
►
►
Protect Your Service
►
►
►
►
►
•
Slide 42
Database Security
Data Security
Resilient Hardware
Regular backups
Resilient File System
Hot standby systems
Remote Hot Standby systems
Move to Reality
►
Northgate and Reality have the tools to protect your business
Conclusion
Slide 43