I remember, back when I was two, I had a little blue blanket. It had a blue shiny border and made me feel warm, comfortable, and secure. I cried when my mom washed it because somehow it was different when it came back. It smelled nice and clean, but it just wasn’t the same somehow. By now, you’re probably wondering why I’m bringing this up. So am I, actually, but I’ll get there.
This blog is coming at you directly from the HP NonStop Security SIG in Canada. A number of vendors showed up today to present their capabilities and perspectives. It was a pretty good event. Topics included: PCI Compliance, Sarbanes-Oxley (SOX) Compliance, Kerberos, single logon, various protocols, emulations, integration points, auditing and reporting. OK, so why am I rambling on about security on an Indestructible Computing blog?
Security is rarely considered in the Indestructible Computing domain. Yet security breaches definitely contribute to outages, particularly when the criminal is bent on malicious damage rather than data access. Fortunately, of all the breaches, this kind is not that common. A bigger concern these days for security is protecting data from prying eyes. But come to think of it, if you get audited and get shut down because you’re too vulnerable, that’s a pretty big problem for your customers.
But if you look at indestructibility, security and authentication can play in other ways that are not obvious, but annoyingly interrupting. Suppose a customer logs onto your banking application using their card number and password and then changes their password. If everything goes right, all the servers happily running in the data centre pick up the credential changes and are able to service the customer’s requests for balances, transfers, and other inquiries. But what if one system is down for maintenance – it happens? The password update isn’t picked up by that system immediately, but that should be OK. The user gets a note that some part of the system they don’t care about isn’t available, and they carry on happily. An hour later, the system and user come back in. The user now wants to use resources on the system that was down, but the batch job that updates passwords from the master password server hasn’t run yet. Now you have an unhappy user who has to call customer support. That costs you money for the support agent and credibility to the customer. So the important part of this equation is that password and credential management must have no latency. It may even be that the servers that process your credentials are right up there with the more critical parts of your service offering, because they are customer facing.
But that’s not all. Current audit requirements mean that so much logging is going on that companies need increasing amounts of disk every year. We’re even hearing that we’re going to have to eventually keep records of all traffic going through our routers. Who makes this stuff up, disk drive manufacturers? We’re projecting a need for terabytes of storage just for security and audit compliance. And, the rub is that if you run out of disk, your application cannot process transactions or even inquiries. You actually have to shut down until you can start logging again. Now that is not indestructible, is it?
- Random rant: In an effort to keep things politically correct to reduce HR vulnerabilities and access to bad sites, some companies are putting in activity loggers as part of their security and audit infrastructures. These are going on your laptops and workstations! The concept is great for catching slackers and indiscriminate porn surfers. The problem is that some of these tools can also capture credit card information, passwords, and other identifying information. Who is securing the HR department? What if their tracking data is hacked?
Security is like a warm blanket. You can wrap your systems up in it and feel all nice and comfortable. But some hackers might want to take away your blanket or poke at you through it from places you can’t see. More importantly, you can’t hide from your customers under it. And unlike some superheros' capes, blankets are not indestructible.
Copyright © 2009 Randall S. Becker.
No comments:
Post a Comment