
Nine Tactical Solutions to Secure the Data Center


We all need strategic conversations about IT and Big Data—scalability, serving business goals across disciplines, and protecting information assets. But it seems like just when things get started, key personnel get called out of the meeting due to an operational outage. It’s extremely challenging to get everyone into a room in the first place, so when the opportunity continues to get interrupted, it is vital to explore applicable solutions to shore up operational challenges. These solutions are operationally focused and can quickly help remedy issues.

There are many Data Center solutions at different stages and for specific needs. Security in core IT areas is essential: application health monitoring, security, network, compute and storage. Enabling quick resolution of operational issues with rapid-to-implement solutions builds credibility and trust in the Data Center. With increased trust and key personnel having more bandwidth, cStor is able to take Data Center conversations to the next level and help meet three- to five-year strategic goals.

Here are some solutions that may help solve common IT challenges (in alphabetical order):

AppDynamics —For web-based applications leveraging Java, .NET, and PHP, AppDynamics provides application baselining of critical node performance. If the performance exceeds the baselines, an alert is thrown. Troubleshooting the problem becomes three clicks versus trying to understand the environment and guessing what is causing the problem. AppDynamics can turn a 12-hour war room into a 12-minute resolution session by pointing to the problem, down to the line of code that may be inducing the problem.

Citrix —Secure Remote Access for all users and virtualized and optimized desktops dramatically reduce operational support for many users.  Leveraging their BYOD solutions ensures your data is safe while enabling mobility for the business. 

Cyber-Ark —In regulated and security-conscious environments like Healthcare, Financial Services, Retail, and Energy, Cyber-Ark holistically manages privileged account access. Privileged credentials and accounts are critical risks that must be managed. They are used as an attack vector in virtually every advanced targeted attack, and are at risk of insider threats. Their power can provide unlimited access, so it’s no surprise that internal auditors and compliance regulations set specific controls and reporting requirements for the usage of these accounts.

Regarding Insider Threat, we like to think we can trust all of our employees, but history has proven us wrong. Trust only goes so far. Malicious employees steal from their employers. And for privileged users, it’s not that hard to do. Privileged insiders, including systems administrators, database admins and users with unusually high levels of access can target the heart of the enterprise, seeing and doing just about anything they want. And they can erase all traces of their activities. CyberArk’s comprehensive solution for privileged account security is purpose-built to protect against both insider and external threats, providing complete protection, accountability and intelligence on privileged account usage.

Nutanix —Nutanix collapses VMware, Compute, SSD, MEM, and Spinning Disks into small 2U solutions with 4-16TB per 2U. On average the 2U solutions use 80-90% less cooling and power, which means the client won’t have to put in more power or cooling prior to implementation. Typical installs are extremely fast and the look and feel is exactly what the client already knows. The Nutanix solution utilizes “Web-Scale Architecture” in a Distributed Everything model. The configuration includes a 4-node cluster that allows for automatic, uninterrupted failover from any failure in power supply, CPU, memory, SSD, disk or entire node. As the system expands and grows to multiple 2U appliances, fault domains will encompass protection across appliances as well. Capacity (Desktop) expansion as well as code upgrades are non-disruptive and do not require any downtime or a reboot. Upgrades can be applied automatically or on-demand without the need to evacuate users and their data. Nutanix’s “pay as you grow” architecture is very desirable to most environments that tie project costs to infrastructure.

Okta —Okta is a fast-to-implement SSO solution for environments leveraging a lot of web-based applications, each with its own Local User Database (i.e. the account is not in AD). Password resets account for around 40% of most Tier 1 help desk calls.

Palo Alto Networks —PAN’s Network Intelligence features can be leveraged to better understand the applications, threats, and which nodes or users are possibly misconfigured. If a service account password is changed within AD but an embedded local service account isn’t updated, PAN will alert on a node that appears to be attempting a brute-force attack (10 failed login attempts) against the application or database server. It sounds nefarious but is a common challenge in most environments. Also, being able to tie usernames to IP addresses along with which applications are being used, overlaid with malicious activity in a single pane of glass, helps immensely to isolate a business-impacting problem. This can be done in-line with the traffic or via a span or port mirror session.

SafeNet —PKI management seems to always be a problem. Certificates expire, web sites go down and the business starts yelling at Operations. SafeNet automates this process to proactively prevent that from happening. Also, leveraging the One Time Password solution dramatically increases the client’s security posture with user accounts that become compromised.

Sumo Logic —Many environments still don’t have a robust Enterprise logging solution for many varied reasons. Sumo Logic’s cloud-based solution is easy to implement and supports masking of data the client doesn’t want to be sent to the cloud. Most importantly, Sumo Logic’s Log Reduce functionality can reduce thousands of messages to less than a page, enabling Operations to quickly pinpoint what changed or broke in the environment causing impact on the business.

Tanium —Tanium is asset management on steroids. Tanium solves the IT challenge of getting accurate OS and application counts for licensing as well as being able to patch both. Tanium is quick to deploy and managed by a single server (up to 400,000 nodes). Leveraging a peer-to-peer architecture, inventory questions are answered with live information rather than data from last week’s network scan. Tanium also reports unknown devices on the network to the management server, allowing the user to define the network node’s identity (access points, printers, time clocks, etc.) via its MAC address. Once done, automation will associate similar MAC addresses with what they really are. Do you need to edit or delete a registry key to block malware or deploy a patch right now? Tanium can do it.

At cStor, we look at the whole picture, bringing in the right tools to secure the Data Center and then adding scalable services to meet ever-growing business needs. With troubleshooting secured, the focus can be on building Data Center capabilities and flexibility—taking Data Center management to the next level. We’ll take you there, next.

 

About Larry Gentry
Larry Gentry is responsible for ensuring cStor provides its clients with innovative data center and cloud solutions for the healthcare, manufacturing, government, education, retail, insurance, utility and other industries. His business acumen and management expertise stem from years of senior-level leadership and high-tech management experience with companies such as Kroger, Kohl’s department stores and Shopko. Larry attended Lewis and Clark College along with Mt. Hood Community College prior to beginning his management career and holds multiple industry certifications. Larry has been a member of the board of directors for the Desert Southwest Chapter of the Alzheimer’s Association since 2009, where he currently serves as Vice-Chairman.