Tying security to the data itself allows IT to defend against internal and external threats, and avoid never-ending patch cycles.
TL;DR: Do you know where your organization’s critical data is? As cloud services proliferate, it has become nearly impossible to secure physical servers and data-center perimeters. Growing threats from outside and within organizations have led IT managers to focus their security efforts on the data itself rather than the hardware the data is stored on.
You can’t blame IT managers for thinking all their security efforts are futile. Nor can they be faulted for believing the deck is stacked against them. Today’s hackers are more numerous, more proficient, and more focused on stealing companies’ most valuable assets.
Even worse, outside threats may not be data managers’ biggest security problem. As IT Business Edge’s Sue Marquette Poremba writes in a February 2, 2015, article, recent surveys indicate IT departments’ greatest concern is often the security threat posed by insiders: privileged users and employees with high-level access to sensitive data who either cause a breach intentionally, or through carelessness or lack of proper training.
Kaspersky Labs’ IT Security Risk Survey 2014 identifies the biggest internal and external threats to medium-sized businesses’ data security. Source: Kaspersky Labs
Poremba cites the 2015 Insider Security Threat Report compiled by Vormetric Data Security, which found that 59 percent of the IT personnel surveyed believe insiders pose the greatest data security risk to their firms. Vormetric is one of a growing number of security services to recommend customers focus their security efforts on the data rather than on securing the perimeter.
An opportunity to get off the non-stop-patch merry-go-round
One indication of the uphill battle companies face in keeping their systems safe is the sorry state of software patches. Security software vendor Secunia reports that 48 percent of Java users lack the latest patches. CSO’s Maria Korolov reports on the Secunia survey in a January 26, 2015, article.
Secunia claims that in the past year, 119 new vulnerabilities were discovered in Java, which is installed on 65 percent of all computers. That’s a lot of surface area for potential breaches. And Java is far from the only possible hack target: Veracode’s recent scan of Linux systems found that 41 percent of enterprise applications using the GNU C Library (glibc) are susceptible to the Ghost buffer-overflow vulnerability because the apps use the gethostbyname function. Dark Reading’s Kelly Jackson Higgins reports on the finding in a February 5, 2015, article.
Many analysts are predicting that an entirely new approach to data security is beginning to take hold in organizations: one that de-emphasizes server software and focuses instead on the data itself. Information Age’s Ben Rossi writes in a January 25, 2015, article that physical servers are becoming “disposable,” and in their place are API-driven cloud services.
Security controls are built into cloud services, according to Rossi: virtual servers feature dedicated firewalls, role access policy, and network access rights; files stored in the cloud have simple access policies and encryption mechanisms built in; and user-specific identity policies restrict their access to data and resources.
Security is at the heart of the new Morpheus Virtual Appliance, which lets you seamlessly provision and manage SQL, NoSQL, and in-memory databases across hybrid clouds. Each database instance you create includes a free full replica set for built-in fault tolerance and fail over. You can administer your heterogeneous MySQL, MongoDB, Redis, and ElasticSearch databases from a single dashboard via a simple point-and-click interface.
With the Morpheus database-as-a-service (DBaaS), you can migrate existing databases from a private cloud to the public cloud, or from public to private. A new instance of the same database type is created in the other cloud, and real-time replication keeps the two databases in sync. Visit the Morpheus site for pricing information and to create a free account.
