Site icon IT World Canada

Making it happen with information security

Over the past three years, homeland security has been a majorpriority for North America and around the world. On a daily basis,people have been tuning in to hear the most recent information onthe war on terror and determine the latest national threat level.Whether it has been Code Orange or Code Yellow, the publicunderstands the scope of threats against our country and our U.S.neighbours and takes homeland security very seriousl, as itsafeguards our citizens, borders and infrastructure. Along with thephysical meaning of the term, homeland security addressesinformation security across a wide spectrum of telecommunications,power distribution, public health, law enforcement and vitalgovernment services.

Information security consists of ongoing efforts to protect thetransmission, integrity and storage of information from bothinternal and external threats. These threats can range fromphysical attacks and natural disasters to viruses and worms,hostile intelligence-gathering and even biological attack.Protection must cover data and applications, networks, equipmentand facilities, as well as IT and personnel. It must also extendacross governmental units and contractors.

A disaster can ultimately cripple our ability to deploymilitary, first responder and law enforcement resources, maintainvital services, issue drivers licences, and even collect taxes. Atthe same time, security and other reviews have highlighted gaps andweaknesses in capabilities to protect computers, communications anddata. To address these shortcomings, government units must takeimmediate steps to identify information security threats, protectIT resources and ensure continuance of operations.

Both the private and public sectors are now emphasizinginformation security. However, information security in the publicsector is complicated by both the ramifications of an attack and anabundance of disparate heterogeneous systems within and amonggovernment units.

While the private sector can limit access, many government unitsare required to provide access to public services. The drive towardintergovernmental and departmental information sharing, especiallyamong law enforcement agencies, also makes it harder to balanceaccess and security. Information superiority, or the gathering,analyzing and sharing of relevant information, facilitates thetimely and effective deployment of our defence resources. In orderto meet these demands, organizations are turning to an informationinfrastructure solution, honing in on three critical elements –consolidation, control and continuity – to more efficiently deployand manage resources while quickly responding to adversity:

Consolidation: The consolidation of servers and storage allowsfor significantly higher utilization rates. Consolidation reducesthe amount of storage a company needs to buy and manage and allowsstaff to spend less time juggling complexity and more time drivingthe business forward.

Control: An IT organization’s ability to manage complexitythrough centralized storage management enables it to”automatically” control its many devices, quickly execute tasks andassign processes across the entire heterogeneous environment.Leveraging powerful management tools to simplify storageadministration will determine whether or not an organization canmeet or exceed its agreed upon levels of service.

Continuity: Protecting information assets through robustbusiness continuity can reduce the risks inherent in havingnumerous points of control and back-up devices. Once the aboveconsolidation and control capabilities are in place, continuitysteps in to measure and protect information while guaranteeing thesafety and security of both local and remote information.

A networked storage solution sets up a single unifiedinfrastructure that accelerates the flow of information and breaksdown any barriers between diverse technologies and stove-pipedinfrastructures.

What’s more, it can enable IT managers to build aninfrastructure that will ensure survivability and resilience byincluding:

Information centricity: Allows for the consolidation ofinformation throughout the enterprise into central locations,enabling IT managers to leverage information, rather than merelymanaging technology. Without consolidated and shared information,an organization cannot fully meet its goals and objectives.

Heterogeneous connectivity: Unlike traditional server-basedstorage, an advanced information infrastructure stores, retrievesand connects to data from all major computing platforms including:both mainframe and open systems environments, networks, fileservers, web servers and management interfaces.

Cascadability: Enterprise storage is cascadable, meaning it canbe re-assigned over time so that it is a re-usable and non-obsoleteresource, ensuring that information can be utilized – even whenapplications or other IT equipment are discarded, upgraded andreplaced.

Information management: A common information managementenvironment simplifies tasks and provides a centrally managed pointof control. For example, it enables seamless backup and restorecapability, and delivery of user performance data for everyplatform, while driving the standardization of IT processesthroughout the enterprise.

Information sharing: Advanced software intelligence bridgesstove-piped mainframe and open systems environments, allowinginformation to be shared without depending on traditional IPnetwork based techniques.

Information protectionand survivability: Enterprise storageprovides reliable mission continuance protection and continuity ofoperations against planned and unplanned outages through diversefeatures. This ensures maximum protection and virtually 100 percent data availability. Together, these attributes can provide theability to leverage a single enterprise infrastructure resulting inone way of sharing, protecting and managing information. It willhelp drive standardization to reduce cost, complexity andredundancy without sacrificing the flexibility to support missioncritical applications. And through a flexible architecture, it hasthe ability to change and evolve based on requirements whileeliminating the costly replication of data, equipment andtraining.

An information infrastructure can help government agenciesmanage their network-attached storage (NAS) and storage areanetwork (SAN) environments with a unified view of all theirinformation assets. They can then manage more information, moresimply, at lower cost – and respond more quickly to changingneeds.

Whether an agency’s data storage devices are from a singlevendor or multiple vendors, it can consolidate all agency data intoa single, centralized system. Such a system means that informationcan be accessed no matter where it resides, regardless of whetherit is a centrally located database or a remotely connected laptopcomputer.

This paradigm shift from processor-centric toinformation-centric computing provides many benefits critical todata protection. Advanced data storage networking technology can beused to create a heterogeneous storage environment that embodiesthese attributes and reduces the friction of informationaccess.

One of the key questions asked is “How many copies ofinformation are needed to ensure its survivability?” The answerlies in an infrastructure’s capacity to replicate large quantitiesof information without affecting production access to the source.Through replication solutions, an infrastructure can functionconsistently across a wide range of operating environments anddatabases, at the same time as supporting local and remote widearea replication with minimal bandwidth requirements.

Commercial-off-the-shelf (COTS) solutions are readily availablethat provide application independent, differential, remotereplication.

Government managers must also keep their eyes on the future.Advancing initiatives, architectures and technologies will delivernew security capabilities as well as threats. As with privateindustry, the public sector must prepare for the increasingadoption of web services and wireless technologies. Managers mustalso prepare to deliver the information security required bydemands for the inter-governmental collaboration that breaks downinefficient organizational silos and reduces the intelligence andother gaps among various government units.

While important first steps have been taken to review governmentinformation security and address vulnerabilities, more must bedone.

Information protection must become a part of agency culture andbe incorporated into almost every initiative. Some are evenrecommending that security compliance be part of every personnelevaluation. Static security policies must be replaced withinitiatives that continuously improve – and test – capabilities toprotect, mitigate and recover from attacks. 064280

Nick Lisi (lisi_nick@emc.com) is managingdirector of EMC Canada of Toronto, a supplier of products, servicesand solutions for information management and storage.

Exit mobile version