E N D
1. Are you Safe and Secure? International Spectrum Conference 2008
2. Are you Safe and Secure?
3. Slide 3 Introduction Have you looked at the risks that impact on your business from
Security Breaches
Unauthorized access to data
Unauthorized update of data
Loss of Service
Hardware Failure
Planned administration
What is their effect?
What techniques can reduce the risk?
How can Northgate and Reality Help?
4. Slide 4 Security Breach - Risks Hardware theft
Bypassing Operating System Security
Bypassing Application security
Scanning file system
Media theft
Scanning backup media
Break into your Windows / Unix Systems
Possible direct data access
Staff misuse of data
Some staff need access to files, but not the content
5. Slide 5 Security Breach - Impact Incident Cost
Management time
Operational effort
Legal Compliance Issue
Breach of Data Protection Act
Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Accurate and up to date
Not kept for longer than is necessary
Processed in line with your rights
Secure
Breach of Contract?
Reputation
Negative press attention … seen as a ‘blunder’
Are we a ‘safe pair of hands’?
6. Slide 6 Security Breach - Examples
ID theft concerns over Eden Project stolen laptop
IT Pro UK – Fri, 15 Jun 2007 12:45
...identity theft. The laptop was looked after by an employee of XXXXXX , a company the Cornish tourist attraction uses to handle its payroll .
7. Slide 7 Security Methods
8. Slide 8 Database Security
9. Slide 9 Database Security Is your Database secure?
Can you control access?
By user, location, time or type of connection?
Can you detect inappropriate access?
Do you know who is accessing your database and when?
10. Slide 10 Database Security – Reducing the Risk MV Account Based Security
All users share the same user
name and password
Advantages
Simple to Administer
Disadvantages
Can’t identify individuals
Hard to Audit
Difficult to tell if the security has been compromised
Passwords are difficult to secure
11. Slide 11 Database Security – Reducing the Risk User Based Security
Each user has unique user name
and password
Advantages
Simple to Administer
Can Identify the individuals
Auditable
Can change their passwords
You should be able control how often, length and password history
Disadvantages
Identities can be conveyed to others or commandeered by others
12. Slide 12 Database Security – Reducing the Risk Location Based Security
Extends User based security
Limit individuals to pre-defined locations
Individuals can have multiple security profiles
Dependent on their location
Disadvantages
Have to define acceptable locations
13. Slide 13 Database Security – Reducing the Risk Time Based Security
Extends User based security
Logins are restricted to defined time periods
Advantages
Tighter control of User based security
Pre-defines allowable login times per user
Disadvantages
Have to define acceptable time windows
14. Slide 14 Database Security – Reducing the Risk Server Based Security (linked to user based security)
Allows same user different access rights to different services
(Telnet, Web, SQL)
Advantages over User based security
Server processes can have different security profile than associated user
Disadvantages
Have to define more access rights
15. Slide 15 Database Security – Using Reality Reality is used in security critical systems
Police, Government, Military
Supports
Account Security
User Security
Location based security
Time Based
Server Based
16. Slide 16 Data Security
17. Slide 17 Data Security Is your Data secure?
Can you prevent un-authorized access to the information on your media?
Disk & Tape
Can you control access to the data?
You may want to give file access but not the ability to understand the data
18. Slide 18 Data Security – Reducing the Risk Staff Vetting prior to data access
Advantages
Security by trust
Disadvantages
Costly & time consuming
Not foolproof
Intrusive
19. Slide 19 Data Security– Reducing the Risk Encrypt any data leaving site
Advantages
Protects backups held off-site
Disadvantages
Managing the encryption keys
20. Slide 20 Data Security– Reducing the Risk Data stored in an encrypted form
Advantages
Protects data at source
Transparent to the application
Disadvantages
Possible performance implications
Need to manage the keys
21. Slide 21 Data Security– Using Reality’s Data Encryption at Rest What is it
Transparently encrypts the data written to your database and other media
Access Management
Defines who is allowed access to encrypted data
Secure Management of encryption keys
Advantages
Selectively limits access to sensitive data
Reduced Security Boundary
22. Data at Rest Encryption Demo – (contact us for details…)
23. Slide 23 Loss of Service
24. Slide 24 Loss of Service - Impact Incident Cost
Management time
Operational effort
Contractual SLA’s
Breach of Contract?
Reputation
Negative press attention …
Are we a ‘safe pair of hands’?
Loss of business
Companies that aren’t able to resume operations within 10 days of a disaster are not likely to survive’ (source: Strategic Research Institute, Jan 2002.).
‘Problems with IT cost small and medium enterprises (SME’s) Ł100 billion in lost turnover each year according to the London Business School. Computer crashes are estimated to cause losses of Ł31 million each year.’
25. Slide 25 Loss of Service - Causes Loss of:
Data
Hardware
Network infrastructure
Site
Staff!
May lose key staff members
Planned Admin
Vendor Capabilities
Software Reliability
Support Services
26. Slide 26 Loss of Service
27. Slide 27 Loss of Service – Reducing the Risk Business Continuity & Disaster Recovery Planning
Put a BCP & DR plan in place & above all test it!
Some things to consider
Emergency Management Team
names, numbers, meeting venues, con. call numbers
Business Recovery Actions
an ordered list of the actions to be taken by the EMT
Site Details
site plan, departments, services delivered, key suppliers, tenants
IT Recovery
the site's IT facilities, switchboard lines, DR arrangements for these
Office Space Recovery
teams on site, contacts, numbers, alternate office locations
Site Management
site protection, salvage, security and safety
Longer Term Recovery Actions
the task of returning to "business as normal"
Support Services
from HR, int/ext communications, finance, property & security
28. Slide 28 Loss of Service – Reducing the Risk Resilient Hardware
Duplicate key hardware components
Disk Mirroring
Redundant power supplies, processors etc.
Redundant Networks
Hot Swappable Components
Advantages
Quick recovery
Little Admin
Disadvantages
Can still cause the system to fail and need to be restored
Only protects individual machines
29. Slide 29 Loss of Service – Reducing the Risk Regular backups (Offsite!)
Backup key data to removable media
Tape, Disk
Advantages
You do have a copy of your data
Can be kept offsite
Disadvantages
Media deteriorates over time
Slow!
Costly!
Only protects individual machines
30. Slide 30 Loss of Service – Reducing the Risk Resilient File System
Journaling file system, allows the file system and database to recover to the last completed transaction when the machine unrepentantly stops
Advantages
Recovery can be to last completed transaction
Can be very quick to recover
Disadvantages
Additional load on system
Relies on storage devices being intact
31. Slide 31 Loss of Service – Reducing the Risk Hot standby systems
Second machine is maintained
as a near real-time copy of the
live running system
Advantages
No loss of service
Disadvantages
Normally ‘closely coupled’ – Requires real time data link
Can still lose both systems
Additional hardware costs
32. Slide 32 Loss of Service – Reducing the Risk Remote Hot Standby systems
A remotely hosted machine is maintained as a near real-time copy of the live running system
Advantages
Data copied off-site at the end of each transaction
Off-site machine can be ready to run
Disadvantages
Dependant on external communications link
Requires a communications link which can handle the throughput of the system
Can be costly – depending on options taken
33. Slide 33 Preventing Loss of Service – Using Reality Reality Supports
Fast backup & Restore
Backup & Restore your database at ‘media speed’
Journaling
Rapid Recovery
If hardware survives crash, quickly recovers database
Offline backup databases
Shadow Database
Stored on same machine, separate offline disks
Hot backup standby systems
Failsafe & Heartbeat
No loss of service
Automatically switches to secondary system
Remote Disaster Recovery systems
RealityDR
Low Cost, Offsite system kept up to date in real time
34. Slide 34 Preventing Loss of Service – Reality Fast Backup and Recovery Backup & Restore your Database at near Media Speed
Backup while the system is still in use
In practice ‘near media speed’ is estimated to be up to 30 times faster than the current logical backup.
Examples
MOD
from 4 days to 9 hours (500GB)
Wolseley
from 2 hours to six minutes (50GB)
35. Slide 35 Preventing Loss of Service – Reality Rapid Recovery File System Protects Database Across a System Failure
Ensures File System Integrity
Ensures All Operations Either Complete or Roll Back
Providing Database and Log Disks Survive
Reduces Time to Recover Operational System
Protects data across a system failure,
Recovers File system back to last completed action, TL then recovers transaction
Protects data across a system failure,
Recovers File system back to last completed action, TL then recovers transaction
36. Slide 36 Preventing Loss of Service -Reality Resilience Options Unprotected, Long recovery time, Data must be restored to last backup, and rekeyed, CLICK
Transaction Logging, CLICK
Shaddow, Offline copy of DB, CLICK
Failsafe, Two mirrored system, fast to recover. CLICK
Heartbeat, Failsafe, gateway front end, Auto switch over, CLICK
TriSafe, Offsite copy of system, if site is lost, much interest after 9/11
Unprotected, Long recovery time, Data must be restored to last backup, and rekeyed, CLICK
Transaction Logging, CLICK
Shaddow, Offline copy of DB, CLICK
Failsafe, Two mirrored system, fast to recover. CLICK
Heartbeat, Failsafe, gateway front end, Auto switch over, CLICK
TriSafe, Offsite copy of system, if site is lost, much interest after 9/11
37. Slide 37 Preventing Loss of Service - Reality Automated DR Maintains remote disaster recovery systems
Further extends resilience options to support:
Remote hot backup systems
Operation over slow or intermittent communication links
Sourced from one or more machines
Secured up to the last completed transaction
38. Slide 38 Loss of Service – Planned Administration Service availability can be effected by the need to perform
File Sizing
Typically this is done while systems are offline
Costly!
Regular Backups
Normally done while systems are offline
Some sites running out of night to perform backup
System Upgrades
Software Upgrades
39. Slide 39 Preventing Loss of Service – Planned Administration – with Reality File Sizing
Auto File Sizing
Automatically adjust file sizes, in real time as data grows, with minimal system overhead
Never need to resize a file again!
Backups
Fast Backup and Recovery
Software Upgrades
Typical Reality upgrade takes no more than 20 minutes
Failsafe enables a phased upgrade to take place
Backwards compatibility guaranteed
40. Slide 40 Loss of Service – Vendor Services Northgate
24 x 7 x 365 World wide support on Reality
Rapid response times
Operations in 46 countries
Very Stable product
Less than 30 faults ever outstanding world wide
Reality sites who have not had a loss of service in over 20 years
41. Slide 41 Conclusion Plan in advance
Create Business Continuity & Disaster Recovery plans (NOW)
Be aware of the Risks
Security Breach
Loss of Service
Data,
Hardware,
Network infrastructure,
Site,
Staff!
42. Slide 42 Conclusion Deploy techniques to mitigate those risks
Security Methods
Database Security
Data Security
Protect Your Service
Resilient Hardware
Regular backups
Resilient File System
Hot standby systems
Remote Hot Standby systems
Move to Reality
Northgate and Reality have the tools to protect your business
43. Slide 43 Conclusion