Archive for the ‘IT Security’ Category

Effective Cloud disaster recovery

December 12, 2011

As the cloud gains steam and expands, disaster recovery has become more effective. Creative approaches to recovery built on replication have evolved. Though not always inexpensive, the best solutions provide almost instant recovery times.

Continuous data protection (CDP) using virtual machines for data replication in the cloud is probably the most reliable solution to date.

(For the purposes of this discussion, bandwidth is plentiful and security procedures have been established.)

There are two very good solutions for CDP disaster recovery on virtual machines:

1. Pure cloud  

This solution is straightforward. If you’re running your applications purely on the cloud, with nothing local, then the managed service provider (MSP) can be responsible for disaster recovery. If the primary cloud site fails, a secondary cloud site holding duplicate data and virtual machines running the applications takes over with a “flick of the switch.” After recent outages at Amazon’s AWS, MSPs are ensuring they have more reliable disaster recovery solutions.

2. Replication to virtual machines from local systems

This solution works well for companies that want their data on the premises, as well as in the cloud. There are a few steps:

a.   Service provider installs an on-premise device that replicates all local data.

b.   On-premise system replicates with virtual machines in the cloud.

c.   In the event of an on-premise disaster, the “switch is flipped,” and the virtual machines in the cloud take over.

Cloud software capable of replication includes CommVault Continuous Data Replicator, EMC Atmos and the Hitachi Content Platform (HCP). IBM, AppAssure, Iron Mountain, and Simply Continuous also provide these disaster recovery cloud services.

Remember, these solutions must be clearly identified in any service-level agreement (SLA) with the MSP. A key element will be the recovery time objective (RTO): how long can the system be down before the business is impacted? There are some key areas you want to make sure are covered, and that you fully understand, so that they meet your business needs and no surprises come up should disaster strike.

1. Read the Service Level Agreement (SLA)

Read and understand the SLA being offered by your cloud service provider. Ask questions and walk through scenarios to be sure you fully understand what constitutes a disaster and the specifics around a DR event: who declares a disaster, what processes and technologies are in place to minimize the impact to customers, and how long it will take to restore service. If a few hours of downtime seems like an eternity, and if your business cannot survive it, a cloud service may not be right for you.

2. Recovery Point Objective

The word disaster implies that bad things have happened, and when it comes to an IT service, that usually implies data loss. Make sure you understand the recovery point objective of the service so you know just how much data loss is possible in the event disaster strikes.

3. Recovery Time Objective

Communicate to all stakeholders the time that has been agreed to in your service-level agreement for recovering from the disaster. Make sure that all stakeholders have agreed to the recovery time before signing up with the cloud service.

Toshiba releases new hard drive that erases itself when removed from a PC

April 15, 2011

Toshiba has come up with a type of self-encrypting hard drive (SED) that can automatically wipe data if it is removed from a paired computer by an attacker.

Available in capacities up to 640GB, the new MKxx61GSYG drive upgrades the capabilities of an identically named drive announced last December, which launched the company’s family of drives complying with the Trusted Computing Group’s Opal SSC specification.

The new version adds new features to the mix for OEMs, including the ability to cause either part or all of the drive to become crypto-erased if the drive detects that it is not operating inside a particular PC.

According to Toshiba, this is useful for point-of-sale terminals as well as some laptops to protect against drive data being accessed when it is at the end of its life or being re-provisioned.

The company is also pushing the case of this type of drive in niche applications such as multi-function printers that cache and retain images of faxes and printed documents. Undoubtedly, however, the technology could herald a move towards drives that are designed to wipe themselves out when removed from paired computers or devices.

It’s also important to note that data can be set to erase from sections of the drive based on remote commands.

So you’ve been hacked–NOW WHAT?

November 9, 2010

Jill Liles of the Global Knowledge company has written a very good article that outlines the immediate steps required by Information Security Officers and CIOs if they find that their systems have been hacked. The essence of the article is below with a few additions.

First of all, don’t panic. Obviously the plan that you had in place to prevent such an attack needs to be updated to reflect the current circumstances. But before you do that, you need to take the following five steps in order to respond and defend against future attacks.

1. Execute your Emergency Plan

Every system should have some sort of disaster recovery plan associated with it before it goes into production. These plans usually cover such things as intruder scenarios and security breaches, natural disaster scenarios, man-made disaster scenarios and the steps required for remediation.

As with first responders in critical situations, the first step is to not make the situation worse than it is. It will be difficult to resist your natural instinct to shut everything down and pull the plug on power or connectivity, but doing so might cause more issues than the initial attack did. Even though your efforts to protect the system or data have been compromised, continue to evaluate the accuracy of your remediation plan as you learn more about the intrusion.

2.  Act Deliberately

Determine the extent of the intrusion by identifying which systems, routers, and data have been compromised. Once this is done, determine the amount of isolation that is required to limit the impact of the attack. Check inbound and outbound router logs to determine where the attack was initiated from. Perform reverse IP lookups to see if the offending system can be easily located. Depending on the nature of the attack and the complexity of the attack

3.  Clean Up and Restore

Based on business priorities, bring systems back on-line and begin monitoring them regularly. Replace any hacked data with the most recent stable backup. Change the passwords for all affected devices, users, and applications, including the root password and default accounts.

4.  Prevent Other Attacks

Modify your security structure so this type of attack can be prevented in the future. Learn from this attack so remediation processes are updated accordingly. Some malware can lie dormant after being “removed,” waiting years for an opportunity to reactivate, so be sure you continually protect your network, including installing the latest software patches and performing a regular vulnerability assessment.

5.  Communicate

Depending on your industry, a security breach may require you to notify people outside the company, particularly if the incident affects your compliance with a regulation such as PCI, GLBA, or HIPAA.

If you want to pursue criminal charges or recover damages, you should contact your local law enforcement’s cybercrime unit or national law enforcement.
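The router-log check and reverse IP lookup from step 2 can be scripted so the result is repeatable and can be attached to the incident record. The following is an added example, not part of the original article: the key=value log format, the sample lines, the host addresses and the function names are all assumptions made for illustration.

```python
import ipaddress
import re
import socket
from collections import defaultdict

# Constructed sample lines in a made-up key=value format (not from any real router).
SAMPLE_LOG = """\
2010-11-08T02:14:07Z src=203.0.113.45 dst=10.0.0.12 dport=22 action=ACCEPT
2010-11-08T02:14:09Z src=203.0.113.45 dst=10.0.0.12 dport=22 action=ACCEPT
2010-11-08T02:20:31Z src=10.0.0.12 dst=198.51.100.7 dport=443 action=ACCEPT
2010-11-08T02:21:02Z src=10.0.0.30 dst=192.0.2.80 dport=80 action=ACCEPT
2010-11-08T02:25:00Z src=192.0.2.99 dst=10.0.0.12 dport=22 action=DROP
garbled line that should be skipped
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=\d+ action=(?P<action>\w+)$")

def reverse_lookup(ip):
    """PTR lookup; None when no record exists or DNS is unreachable."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def triage(lines, compromised, resolver=reverse_lookup):
    """Rows of (peer_ip, count, first_seen, ptr_name) per direction, oldest first."""
    peers = {"inbound": defaultdict(list), "outbound": defaultdict(list)}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "ACCEPT":
            continue  # skip malformed lines and traffic the router blocked
        try:
            src, dst = (str(ipaddress.ip_address(m[k])) for k in ("src", "dst"))
        except ValueError:
            continue  # field was not a valid IP address
        if dst in compromised:
            peers["inbound"][src].append(m["ts"])
        elif src in compromised:
            peers["outbound"][dst].append(m["ts"])
    return {
        direction: sorted(((ip, len(ts), min(ts), resolver(ip)) for ip, ts in seen.items()),
                          key=lambda row: row[2])
        for direction, seen in peers.items()
    }

if __name__ == "__main__":
    for direction, rows in triage(SAMPLE_LOG, {"10.0.0.12"}).items():
        print(direction, rows)
```

A PTR name is controlled by whoever owns the address block, so treat it as a lead for the abuse contact or law enforcement rather than as proof of origin.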