Based on questions we are often asked on the subject, here is a Q & A on Data at Rest and Data in Motion.
What is meant by the terms Data at Rest and Data in Motion?
Data at Rest is the term used for data in computer storage. Data that falls under this category could include files stored on a company’s local hard drive, copies of the file stored on onsite and offsite backup tapes and files on the servers of the storage area network (SAN). It is imperative for businesses to secure this data, since it is often required by law to secure sensitive customer information.
Data in Motion is the term used for data in transit: data being transferred between the copies and versions of the original file, especially when it travels over the Internet. It is data that is exiting the network via email, web, or other Internet protocols.
What is used to secure Data at Rest?
The best means of securing Data at Rest is to use a Backup and Disaster Recovery System. A Backup and Disaster Recovery System, commonly referred to as BDR, is an automated onsite and offsite backup of your data. A BDR is a disk-based solution that replaces traditional tape backup and is ideal for an SMB’s approach to business continuity. The BDR device takes fast point-in-time snapshots of your server at frequent intervals; only changes to the data are captured. With a BDR, restoration is relatively simple: you mount your backup file as a drive and copy what you need locally or to the network. A BDR has the ability to function as a standby server in minutes, so there is no costly downtime. Downed servers are restored in less than thirty minutes.
What is a critical feature of BDR?
An essential element to the success of a BDR is the Bare Metal Restore. A Bare Metal Restore is part of a BDR Platform and gives the ability to restore to a virtual server or dissimilar hardware configuration in the event of a disaster. After a disaster, a boot CD is inserted into the new hardware. The new server maps to the BDR device and pulls the latest backup image. When the image is copied to the server, the BDR installs the necessary drivers for the new hardware, and scheduled backups continue to take place after the server is restored.
What constitutes a Data at Rest disaster?
A technology disaster for a business is one that causes a major loss of data. A disaster is an unplanned event that causes companies to lose the ability to operate critical business functions for an undetermined period of time. Many businesses never recover from a disaster or suffer significant losses. Natural disasters are one form, Hurricane Katrina being a prime example. Other forms of disaster can be the result of human error, such as an inadvertent mistake by an employee operating a computer. Small and medium-sized businesses are especially vulnerable to the negative effects of a disaster, which makes planning for a disaster crucial.
What is used to secure Data in Motion?
Electronic commerce has spurred the need for securing Data in Motion. SSH Client/Server, SSL, VPN and SSL/VPN are effective in securing Data in Motion. Multiple groups are able to share the same network without fear of anyone else accessing their data. A good software program that secures Data in Motion will secure real-time information, allow it to be managed and shared with minimal modification to the infrastructure, and do so without business disruption.
At Waytek, we do an extensive network assessment for all of our IT Managed Services customers. Many of these customers work in the areas of healthcare, finance, law or accounting and have to think of compliance as a priority when assessing their IT needs. These are some of the most common and most important questions regarding “best practices” that we see:
What is one of the top priorities for a company when assessing the network?
Every company should have a network design and backup or BDR (Backup and Disaster Recovery) solution in place. By effectively protecting your data, you will be covering most of the compliance issues you encounter. The network design is the most common priority of a network assessment. It allows the client to be able to see what the network looks like in a picture form. It should be neatly structured, with the critical components included, so the client gets a clear picture of what he is viewing. It can get as granular as being able to see jacks on the wall with room layouts, though most clients tend to want to see how the WAN connects to the LAN at the server room and network closets.
Another priority is the backup procedure at the facility. This will allow the client to see if the proper backups are in place and running. Many times, we have seen clients who think they have a backup in place when they actually do not or it is continuously failing.
There are other parts of the assessment that could be a priority, depending on the vendor or client, such as Network Audit/Inventory, Domain Structure or WAN/LAN Security.
Have you identified your information security risks?
A network assessment should include identifying the information you have, especially any personal information that falls under applicable legal requirements. In addition, determine who is responsible for and collects or handles personal information.
Different security risks are found on a daily basis in this industry, but here are a few of the common risks:
- Through port scans on your firewall, hackers are looking for a way into your local network.
- Website links and email can allow viruses and malware access to machines inside your network.
- Forced hacking is possible when an external vulnerability is found and a hacker obtains a username/password combination that gives access to an internal system.
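The first risk above, port scans against the firewall, is one a defender can spot in the firewall's own deny logs. The script below is an added example, not Waytek's tooling: it parses constructed deny-log lines (the format is an assumption, not any vendor's syslog layout) and flags a source that hits many distinct ports on one host within a short window.

```python
"""Flag port-scan behaviour in firewall deny logs (added example, constructed data)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one external host probing ten ports in a few seconds,
# plus a single unrelated denied connection from another host.
SAMPLE_LOG = """\
2024-01-10T09:00:01 DENY TCP 203.0.113.7:51001 -> 198.51.100.10:21
2024-01-10T09:00:01 DENY TCP 203.0.113.7:51002 -> 198.51.100.10:22
2024-01-10T09:00:02 DENY TCP 203.0.113.7:51003 -> 198.51.100.10:23
2024-01-10T09:00:02 DENY TCP 203.0.113.7:51004 -> 198.51.100.10:25
2024-01-10T09:00:03 DENY TCP 203.0.113.7:51005 -> 198.51.100.10:80
2024-01-10T09:00:03 DENY TCP 203.0.113.7:51006 -> 198.51.100.10:110
2024-01-10T09:00:04 DENY TCP 203.0.113.7:51007 -> 198.51.100.10:143
2024-01-10T09:00:04 DENY TCP 203.0.113.7:51008 -> 198.51.100.10:443
2024-01-10T09:00:05 DENY TCP 203.0.113.7:51009 -> 198.51.100.10:445
2024-01-10T09:00:05 DENY TCP 203.0.113.7:51010 -> 198.51.100.10:3389
2024-01-10T09:30:00 DENY TCP 192.0.2.44:40000 -> 198.51.100.10:22
"""

# Assumed line layout: "<iso-timestamp> DENY <proto> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) DENY (?P<proto>\w+) (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def find_port_scanners(log_text, distinct_ports=8, window=timedelta(seconds=60)):
    """Return {src_ip: set_of_ports} for sources that were denied on at least
    `distinct_ports` different destination ports of one host within `window`."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, dport), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts = datetime.fromisoformat(m["ts"])
        events[(m["src"], m["dst"])].append((ts, int(m["dport"])))

    scanners = {}
    for (src, dst), hits in events.items():
        hits.sort()
        # Sliding window: from each event, count distinct ports seen within `window`.
        for i, (start, _) in enumerate(hits):
            ports = {port for t, port in hits[i:] if t - start <= window}
            if len(ports) >= distinct_ports:
                scanners[src] = ports
                break
    return scanners

if __name__ == "__main__":
    for src, ports in find_port_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {sorted(ports)}")
```

Tune `distinct_ports` and `window` to the firewall's normal deny volume; a single host denied on one port is noise, a host walking a dozen ports in seconds is worth an alert.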
Does your company have user policies in place?
Be careful not to grant access beyond those whose role requires collecting the information. You should establish a password policy, an account policy, and a network sharing and file transmittal policy. It is imperative to establish login credentials and proper password security, including changing passwords frequently. You should have an encrypted directory, so only key personnel can access sensitive data.
Create a written policy that outlines what is acceptable when accessing the network. Certain websites, for instance, are known to allow malware or viruses to launch from the site. Protect your network by blocking these websites and having a written policy in place so that users are aware of which websites to avoid.
Do you have the appropriate safeguards in place?
Along with password protection (the lack of which is a leading cause of data breaches), be sure to have proper antivirus and anti-malware protection. In addition, a strong firewall is imperative to running your IT and business securely. Along with antivirus and anti-malware, you should have power protection such as a UPS or power backup on the server, phone system and desktops. Periodically, you should plan a vulnerability scan of the WAN to check for open ports that could allow hackers into the network. For the LAN, be sure all patches are applied, as software flaws could allow that computer to be compromised.
What are Managed Services?
In recent years, with the expanding scope and complexity of technology alongside the threats to privacy and security, Managed IT Services is a business that continues to grow and become more relevant to small and medium-sized businesses. Managed IT Services provide small businesses with monitoring and managing of selected IT systems and functions. The customer agrees to a contract that covers specific services at a specific price. This enables the business owner to see what he/she is paying for and how it will work in the budget. Managed Services can provide 24/7 support, remote diagnostics and troubleshooting, and on-site service when needed, in addition to planning and deploying services for major projects.
In addition, providers can offer such services as alerts, security, patch management, data backup and recovery for different client devices, such as desktops, notebooks, servers, storage systems, networks and applications. Offloading routine infrastructure management to an experienced Managed Services professional allows the business owner to focus on running the business, with fewer interruptions due to IT issues. Basic services start with a monitoring service, which notifies the business of problems that can be resolved by the owner. At the higher end of available services, the Managed Services Providers (MSPs) offer complete Managed Services that cover everything from alerts to problem resolution. Services can also be customized to meet the specific needs of the client.
Why do companies choose to use an MSP?
There are many reasons why Managed Services are becoming a popular trend in the industry. While large corporations can afford to have their own internal IT department, smaller businesses do not have the same resources and often find themselves without the proper backup and security and paying more for outside experts in emergency situations. With increasing cyber threats on multiple levels and general complexity of IT for businesses, Managed Services can offer ease, affordability, expertise, and the ability to run a business more effectively.
Why should a company invest in a monthly fee for IT services?
Many small business owners face the challenge of spending money to improve their business while still being able to afford to do so. While a Managed Services program requires a monthly fee, it generally saves money for the small business owner and protects the business from disasters or interruptions. A business owner struggling to keep up with the demands of an IT infrastructure can fall behind on backups, security and patches, and could face the likelihood of an IT outage or another problem down the road that would negatively impact the business.
How does an MSP benefit a small or medium-sized business that has a small IT department?
MSPs act as an extension to an IT department, taking care of routine IT infrastructure, monitoring and managing around the clock and freeing up IT staff to focus on higher value projects. Managed Services allows the business to reduce operational costs, provide a higher level of IT services, and free up personnel to focus on strategic business issues.
A reliable Managed Services Provider will offer more than just a package of purely remote solutions. It will also offer personalized attention and a face-to-face relationship.
I recently sat down with our President, Brian McDonnell, to ask him a couple of questions about the Managed Services side of Waytek.
Why do customers decide to use Waytek’s Managed Services for their SMBs?
These customers usually have IT staffs that are overworked. Their IT staffs never get to do some of the basic pro-active work that needs to be done, because they’re busy managing day to day IT issues and infrastructure. We act as an insurance policy for them, filling in the gaps so they don’t miss anything.
Here’s an example from today: a potential customer told me that no one is checking his security patches and making sure that his AV is up to date. That was one of the big reasons he wanted to use us. Waytek is alerted if any vulnerabilities appear, and we can fix them before there is a problem.
(As we were talking, Brian could hear one of Waytek’s Help Desk technicians on the phone. Brian pointed out that she had just been alerted that a customer’s disk space on the server was running at 80% capacity. She notified the customer that the company needs to reduce unnecessary files or upgrade to a larger capacity. Without doing so, the system could crash.)
How do you stay connected to your Managed Services customers?
We believe that we can only serve our Managed Services customers by maintaining an ongoing line of communication through various methods. Our alert system helps us notify customers immediately of any issues, and the online portal enables them to have an open view of their account and status and to remain in contact by emails that are run through the portal. We have also implemented a quarterly face-to-face status meeting with our Managed Services customers.
Our techs keep in contact both on-site and via phone calls and emails. We also encourage our customers to follow us in the social media spaces of Twitter, Facebook and LinkedIn. We try to update these spaces often. They are a great source of advice and tips for our customers. As another service, we publish a bi-monthly newsletter, such as the one where this article will appear, which includes lots of helpful information, book reviews, and even interesting pieces about our employees. It helps to bring us closer to the community of our customers.
Many of our customers have asked about Next Generation Firewall and what it exactly means. In the wake of increasing cyber threats and increased Web 2.0 applications, it is often believed that traditional firewalls are not enough to ward off such threats. For complete protection, many companies are turning to Next Generation Firewalls to reduce the risk of data leakage and stay up to date with compliance.
“The rapid evolution of applications and threats, coupled with the relative stagnation of traditional security technologies, has resulted in a loss of visibility and control for IT organizations attempting to keep their enterprises secure.” … “It’s time to reinvent the firewall!” [1]
What exactly is a Next Generation Firewall? Let’s first look at traditional firewalls. Traditional firewalls, which are port-based, have been around for twenty years and are outdated. Their only actions are to “block” or “allow” traffic by port, which is limiting for today’s computer and Internet use. Usually, a traditional firewall is built to allow traffic from the trusted network to pass to the untrusted network unless it is explicitly blocked. With the advent of a new generation of applications accessed by network users, port-based firewalls are susceptible to data leakage: some of these applications use techniques such as port-hopping to evade traditional port-based firewalls.
For security and compliance reasons, most businesses and organizations are concerned with controlling the applications that can leak sensitive data, such as credit card information and social security numbers. Next Generation Firewalls offer such protection and include an intrusion prevention system (IPS) and a firewall on the same device, integrated and working closely together. They can tie firewall rules to user names instead of IP addresses. They also need to be able to recognize protocols based on the traffic itself rather than pre-assigned ports, and to block such protocols even if the port used is not the one you would expect. [2] There are second, third, and even fourth generation firewalls. The term Next Generation Firewall most often refers to the most up-to-date firewalls, such as the third and fourth generations. Next Generation Firewalls offer the most comprehensive protection.
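To make the difference concrete, the following added example (not code from any firewall vendor or from Waytek) contrasts a port-based rule set with an application-aware, user-based one over a few constructed flows. The byte fingerprints for SSH, TLS and HTTP are simplified for illustration, and the “name@group” user convention and the group policies are assumptions.

```python
"""Port-based vs. application-aware firewall decisions (added example, constructed flows)."""
from dataclasses import dataclass

@dataclass
class Flow:
    user: str        # identity the NGFW maps to the source address (assumed lookup)
    dst_port: int
    payload: bytes   # first bytes the client sent

def identify_app(flow):
    """Classify the flow by what the bytes look like, ignoring the destination port."""
    p = flow.payload
    if p.startswith(b"SSH-2.0-"):
        return "ssh"
    if p[:3] == b"\x16\x03\x01":          # TLS handshake record, legacy version 3.1
        return "tls"
    if p.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        return "http"
    return "unknown"

ALLOWED_PORTS = {80, 443}   # traditional rule set: allow by port only

def port_based_decision(flow):
    return "allow" if flow.dst_port in ALLOWED_PORTS else "deny"

# Application-aware rules keyed on the user's group (constructed groups and policy).
APP_POLICY = {"sales": {"http", "tls"}, "it": {"http", "tls", "ssh"}}

def app_aware_decision(flow):
    group = flow.user.split("@", 1)[1]   # constructed "name@group" convention
    return "allow" if identify_app(flow) in APP_POLICY.get(group, set()) else "deny"

def compare(flows):
    """Return (user, port, detected app, port-based verdict, app-aware verdict) per flow."""
    return [(f.user, f.dst_port, identify_app(f),
             port_based_decision(f), app_aware_decision(f)) for f in flows]

# Constructed sample flows, including two port-hopping cases.
SAMPLE_FLOWS = [
    Flow("alice@sales", 443, b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"),  # genuine TLS on 443
    Flow("bob@sales", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),        # SSH tunnelled over 443
    Flow("carol@it", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),         # same bytes, IT group permitted
    Flow("bob@sales", 8080, b"GET /index.html HTTP/1.1\r\n"),  # ordinary HTTP on a non-standard port
]

if __name__ == "__main__":
    for row in compare(SAMPLE_FLOWS):
        print(row)
```

The port-based verdicts let the SSH-over-443 flow through and block harmless HTTP on 8080; the application-aware verdicts decide on what the traffic is and who sent it, which is the point the Next Generation Firewall definition above makes.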
[1] Miller, Lawrence C., CISSP, Next Generation Firewalls for Dummies, Wiley Publishing, Indianapolis, Indiana, 2011