Securing Data and Infrastructure: A Comprehensive Approach
Security of data and infrastructure has become a world in itself. Everyone talks about so many terms that it’s easy to feel overwhelmed by the possibilities of securing your data. At the same time, you may wonder what you need in your environment and whether it is going to be enough. I hear so many terms get thrown around like anomaly detection, multifactor authentication, malware scanning, zero trust access, etc. But what am I really protecting, and am I covering all my bases to make sure that my data and infrastructure are protected? How can I tell with confidence that I have a good security strategy? One good way I have found to answer that question is to narrow down my focus and compartmentalize the areas that I need to solve for. First and foremost, I need to figure out what my attack vectors are. Once I figure that out, I have a finite number of vectors that I can easily comprehend and think about securing. As a part of that exercise, I came up with my five attack vectors, which are: Users Network Application Storage or data Operating systems Physical hardware security could be the sixth one, but I am going to park that as something that is likely already covered, maybe because you have your infrastructure within a secure data center and in a locked cage with cameras around. Diagram 1: Attack vectors and security needs Once I have determined my attack vectors, I can now focus on securing those five areas against any type of attacks. I must also consider multiple ways to protect any single vector in case any of the mechanisms get breached or compromised. For example, I can have an industry-standard authentication mechanism but also use multifactor authentication in case my credentials are compromised. I can also use quorum approval or multiperson authorization for any critical operations in case someone gets access to the system. Similarly, on the data front, I need immutability, which prevents data from being modified. I also need indelibility with my operating system to make sure that data cannot be deleted. You can go as deep into any attack vector as needed, depending on what your requirements are for making that vector secure. I found this framework very useful in defining my requirements to secure the data and the infrastructure in a data center. Diagram 2: Responsibility model for Security Once you have identified the different attack vectors and needs across those vectors, your next task is to figure out how to get these requirements met in your environment. For example, you might have to go with external vendors for password and access management, for authentication, or for malware scanning and anomaly detection. Unfortunately, not everything is available with third-party integrations. Especially when you try to protect the fundamental operating system layer, you can’t do much by yourself. For example, the system that controls access to the data needs to be immutable in architecture and indelible by design. If someone gets root access to a system, they can easily go and destroy the data. So, you must implement these design principles on your own to get end-to-end protection and true immutability and indelibility. Concepts like zero trust access, removing root privileges, immutable architecture, managing containers, and network and application isolation are all needed to get that end-to-end protection. However, it’s complex and time consuming to do on your own. Another big lift is vulnerability management. Given that the infrastructure now gets hit by ransomware attacks every second, the attackers look to expose every vulnerability on any system. Managing these vulnerabilities and getting their fixes can be a tall order. It’s no secret that securing your environment is a team effort that requires a group of security experts who can provide ongoing and continuous protection against a 24-7 team of hackers. That is where Veritas NetBackup Flex appliances are your natural partners, providing the end-to-end security in your environment. With Flex Appliance, you get the zero trust-based immutable architecture out of the box, plus continuous management of vulnerabilities that you wouldn’t otherwise get by just putting a data protection software on your own systems. Read more on NetBackup Flex Appliance here.8.1KViews0likes0CommentsNeutralize threat of cyber-attacks with NetBackup Flex Appliances
89% of all organizations have fallen victim to a successful ransomware attack resulting in unrecoverable data events. See how to significantly reduce the risk of a cyber--attack and recover confidently with an air-gapped turn-key appliance.5.2KViews1like0CommentsWe’ll be at the VMware Forums across EMEA next quarter, will you?
Symantec is going to be a main sponsor in the biggest VMware Forum events across EMEA. The first event comes shortly after our recent announcement at the RSA conference that five new security integrations with the VMware cloud infrastructure suite have taken place (check out the press release377Views0likes1CommentWindows Server 2003 Migration Challenges and Options - Part 1
What’s Happening? On July 14 th , 2015, Microsoft will end support for all versions of Windows Server 2003. This means that Microsoft will no longer offer support, security patches and software updates for this product. What are the risks of continuing to run Windows Server 2003 while unsupported?666Views0likes2CommentsOpciones y desafíos de migración de Windows Server 2003, parte 1
El 14 de julio de 2015, Microsoft finalizará el soporte para todas las versiones de Windows Server 2003. Esto significa que Microsoft ya no proporcionará soporte, parches de seguridad ni actualizaciones de software para este producto. ¿Cuáles son los riesgos de seguir ejecutando Windows Server 2003 cuando deje de tener soporte?