Archive for the ‘Security’ Category

Debunking the Myth that High Availability and Disaster Recovery Are Equals

Posted on: December 6th, 2017 by Daniella Lundsberg

If there’s one thing that can completely derail digital transformation plans, it’s a cyberattack. Attackers grow increasingly sophisticated every day while businesses continue to add vulnerable endpoints and links throughout networks and IT infrastructure. No matter how safe and reliable cloud infrastructure has become, a single targeted DDoS attack could lead to costly downtime for your business.

Enough high-profile enterprises have experienced public cyberattacks and data breaches that security is now a top priority for any business leader. While disaster recovery (DR) was once a luxury for only the biggest brands, it has become a necessity for all companies.

However, there’s confusion in the market for business continuity. So many solutions are sold with the promise of high availability (HA), even experienced IT leaders can misunderstand what this term means.

HA and DR might seem synonymous, but there are important distinctions that impact data protection in your enterprise.

HA and DR Are Complimentary, Not Substitutes

You’ve likely purchased IT infrastructure solutions that have guaranteed “nines” of availability. In a perfect world, you might expect this promise of HA to apply in all scenarios. However, IT leaders must recognize that HA focuses on uptime during routine operation. When an application or system is guaranteed at five-nines availability, you and your employees will have access for all but about five minutes per year.

The caveat is that HA guarantees do not apply to disaster scenarios. Businesses that are tempering DR investments because they think HA is enough are making a mistake.

DR is where recovery point objectives (RPOs) and recovery time objectives (RTOs) come into play. If you experience a cyberattack or withstand a natural disaster that results in downtime, you need to know your:

  • RPO: The threshold for data loss between the time you experience a disaster and when you resume normal operation.
  • RTO: The specific amount of time you can withstand until applications and services must return to normal operation, as outlined in a business continuity plan.

Without DR to balance HA, you run the risk of significant data loss in case of unexpected downtime. And without HA to balance DR, your employees could lose access to important applications and services frequently during normal operation.

For years, the issue has been the cost to implement HA and DR throughout an IT infrastructure. If you’re taking data protection seriously, though, it’s time to deploy solutions that are built with both HA and DR in mind — and it doesn’t hurt if they fit the budget as well.

American Digital and HPE SimpliVity Meet Enterprise Data Protection Demands

Implementing the HPE SimpliVity 380 hyper converged solution has IT infrastructure benefits that yield data protection that can balance HA and DR needs. With HPE SimpliVity 380, you gain:

  • Automated DR: Integrated recovery automation tools make it possible to enjoy one-click remote restoration of virtual machines to accelerate RPO and RTO.
  • Efficient Data Management: Virtualized workloads can be backed up and restored in seconds or minutes even when you’re dealing with bandwidth-constrained WAN links. Legacy infrastructure might give you hours or days of unexpected downtime, but hyperconvergence can help you achieve cost-effective high availability.
  • Lower Total Cost of Ownership: HA and DR aren’t new, but they haven’t always been affordable. HPE SimpliVity 380 can give you an all-in-one solution that eliminates the need for standalone backup and recovery solutions. Getting rid of many legacy third-party solutions can significantly reduce costs.

American Digital is a Hewlett Packard Platinum partner that can help you implement HPE SimpliVity 380 and other IT infrastructure solutions quickly and efficiently.

If you’re ready to take advantage of budget-friendly data protection and overall IT agility, contact American Digital today.

Hewlett Packard Enterprise specializations include Platinum: Converged Infrastructure, Networking; Gold: Cloud Builder.

The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

Comprehensive Network Security for Medical-Grade IT

Posted on: September 14th, 2017 by Daniella Lundsberg

The healthcare industry has seen a flood of new medical devices enter their facilities with the explosion of the Internet of Things (IoT). This innovation has created a huge opportunity to improve medical care and patient wellness. IoT devices include implantable technology, such as pacemakers, as well as external devices, such as infusion pumps, heart monitors, and scanning equipment. Hospitals and healthcare facilities have hundreds to thousands of these devices within their facility, often unmonitored or unmanaged.

Unfortunately, these IoT devices provide prime opportunities for hackers to do their worst, including theft of patient data, ransomware, and even potentially compromised patient safety. Healthcare IT leaders are faced with the predicament of safeguarding their network while providing the care their patients require through seamless interaction and uptime of all devices.

Scalability and Automation

In an average hospital, there are typically several networked medical devices for each bed. Multiply that times the number of beds and add in other pieces of equipment such as MRI, CRT, and X-ray systems, and you see that the number of IoT medical devices and systems can become quite large; much larger in fact than the number of actual laptops, PCs, and mobile devices used by caregivers and administrators.

Managing access to and monitoring these IoT devices requires a solution that can scale and automate network-based administrative and management tasks. With the sheer numbers of connected devices, the network must be smart enough to automate secure connectivity. Aruba, a Hewlett Packard Enterprise company, provides comprehensive network management solutions that deliver the robustness, intelligence, and automation to secure medical-grade IT networks.

Securing IoT Endpoints in Healthcare

One of the first steps to gain control of the IoT network in your healthcare facility is to secure the endpoints. This goes beyond traditional endpoint protection implementations for PCs, laptops, and tablets as unsecured medical IoT devices present a much bigger threat of exposure risk. Using comprehensive network device monitoring tools in combination with a sound network access policy management system, such as Aruba ClearPass, helps you get control of your IoT network and feel confident in its security. These are five critical steps in securing your IoT endpoints:

  1. Simplify Device Management. Medical IoT devices can be onboarded in a variety of ways, including 802.1X authentication with RADIUS, MAC authentication, agents, and MAC plus 802.1X or captive portal. Making sure that your system supports tracking the entry points greatly simplifies your manual tracking and device onboarding process.
  1. “Fingerprint” the Devices. In basic terms, this means collecting information from the IoT device such as IP address, MAC address, and any other characteristics to help network managers understand what normal behavior is for that device. This is a crucial step in discovery of breaches, as any aberration from normal behavior could indicate malicious activity.
  2. Profile the Devices. After going through the discovery and fingerprinting process, a good practice is to profile the devices so they can be classified. Contextual data (device attributes — such as name, type of device, IP address, MAC address, etc.) is gathered using network-based collectors. Once all the contextual data is collected, a profile is created for the device, which is used as a basis for policy management. Device data is continuously checked against the profile so if deviations occur (e.g., a medical device looks like a printer), the device can be removed from the network.
  1. Create a Policy. A policy is only as good as the data used to build it and the tool used to enforce it. Find a tool that provides policy automation to effectively manage the scale of workflows required in a high-volume IoT environment. Policies should be managed so that as new devices are added, they are profiled and added to the correct zone. This gives your organization tight control over how devices operate and communicate, resulting in better containment of threats when they emerge.
  2. Monitor and Analyze Traffic. Make sure that you can automate information-gathering from several sources and then analyze that data for odd behavior. Why? You need to be able to quickly identify devices to be removed from the network or quarantined before they cause an issue. That would happen, for example, if a medical device attempts to communicate with an accounting server, which could indicate a breach. When unusual traffic is discovered, network management solutions like Aruba ClearPass can automate disconnection of the device from the network, minimizing the damage.

Secure Segmentation Is Crucial

A critical part of any plan to secure your IoT endpoints is segmentation:

  1. Securely Partition Traffic. At a high level, to prevent intruders from moving laterally across the network once they breach it, applications and services should be securely isolated from each other. For example, the network that delivers MRI data to the patient EHR database should be isolated from the network that supports connectivity between the payment card system and the backend financial systems. Guest Wi-Fi should be securely segmented from the network caregivers use to administer and manage care.
  1. Elastic Connectivity. The concept here is to provide access and services to devices only when specifically required and authorized. Network access will only be available for the duration of the session and then retracted from the edge, to reduce exposure.

IoT security in healthcare devices may seem daunting, but with these guidelines you’ll be well on your way to reducing the risk of compromised patient data or having life-supporting equipment locked down without proper controls in place.

To learn more about how American Digital and Aruba network policy management solutions can help you safeguard your healthcare network, contact us.

Hewlett Packard Enterprise specializations include Platinum: Converged Infrastructure, Networking, Storage; Gold: Cloud Builder.

The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

HP IDOL and Facial Recognition Technologies Unite To Enhance Public Safety

Posted on: June 24th, 2015 by Daniella Lundsberg

The security landscape is changing and, with it, highly secure organizations from the military to law enforcement are benefitting from behavioral recognition technology including facial recognition. Meanwhile, the explosion of big data puts a wealth of real-time information at our fingertips, giving us the ability to analyze data rapidly and expedite action. When we bring these innovations together – uniting multiple disparate data sources from various real-time surveillance videos, photos, and audio files – we can connect the dots in mere seconds. As such, we could potentially identify fraud, criminal suspects – even terrorists at a live public event – faster and easier than ever before.

Leading this space is HP Intelligent Data Operating Layer (IDOL), which helps organizations pool together a multitude of data sources to rapidly locate relevant information, analyze that information, and act on it immediately. And IDOL provides this capability out of the box – connecting with outside information without the need for third party add-ons. With powerful extensibility, HP IDOL supports searches within massive video, photo, or audio libraries or feeds.

Even if it’s stored securely behind various user privileges and requirements, HP IDOL has brainpower to discover and index data across all of those secured sources and determine relevance in seconds. It then presents actionable analytics on one dashboard with the speed and agility required to support critical decisions.

“We’ve helped government agencies employ HP IDOL to use their data intelligence for improved efficiencies and expedited decision-making, dramatically improving public safety,” explained an American Digital consultant.

Popular applications include:

Rapid mapping of an individual’s recorded interactions
Scene recreations using various photos and videos
Personnel screenings for enhance base security
Real-time facial surveillance and monitoring for secure events
Facial features matching with security clearance databases
Expedited security response and criminal case resolution

Is IDOL the right fit for your organization, please contact your Big Data Consultant to learn more.

Measuring the Reputation Cost of Data Breach

Posted on: May 19th, 2015 by Daniella Lundsberg

The security landscape is constantly evolving, with businesses today fighting a cybercrime ecosystem that encompasses global players. Hackers now invest as much – if not more – toward exposing vulnerabilities as companies do in securing them. Assuming the right solutions are in place, most enterprises can stay under the radar and avoid a major breach. But there’s never a guarantee, and recent exposures at companies like Home Depot, Sony, and Target offer valuable insight that can help us all plan for and better comprehend the magnitude of loss potential.

The initial breach primarily affects the consumer, who faces bank-imposed limits and time-consuming card cancellations. For the business itself, along with that data loss, one of the greatest risks is long-term damage to the brand’s reputation. A trusted and established reputation can take decades to build – and mere seconds to destroy. Security breaches force companies to invest heavily in resources aimed at salvaging employee morale, stock valuation, consumer trust and loyalty. When customers are afraid to transact with a business, this also naturally puts a strain on traffic and revenue. For companies that survive a scandal, the fallout and ramifications can still take months to years to reconcile.

The extent of the damage and the time it takes to reinvigorate a brand’s reputation is largely dependent on the breadth of exposure and the manner in which the crisis is handled. Data breaches are one of three occurrences to have the greatest impact on brand reputation, according to a survey conducted by Ponemon Institute and sponsored by Experian’s Data Breach Resolution unit entitled “The Aftermath of a Mega Data Breach: Consumer Sentiment”. In this survey, data breach was ranked up with environmental disasters and poor customer service.

When evaluating potential risk, planning for crisis resolution, and assessing the cost of an enterprise security solution, tangible assets alone aren’t enough. Decision makers must also estimate the monetary value of, and the earning potential in, their brand reputation. They need to ask themselves: “How much is our brand reputation worth?”

Ready to for a security assessment? Contact the American Digital security team today.

Contact Us

Learn More About Us