February 2014 - Jonas M Palencia

When the Internet was invented several decades ago, security was not in the minds of the pioneers. TCP/IP, the protocol used to send data from one point to the next was inherently insecure. Data are being sent over the wire in clear text. Today, advances in encryption technologies enabled the data to be secure while in transit. When you shop at reputable websites, for instance, you can be sure that the credit card number you send over the Internet is encrypted (You will see https on the URL instead of http). Most web applications now (such as gmail, facebook, etc) are encrypted.

However, most of these data, when stored on the servers (data at rest) are still not encrypted. That’s why hackers are still able to get hold of these precious data, such as personally identifiable information (PII) – credit card numbers, social security numbers, etc. as well as trade secrets and other company proprietary information. There are a lot of ways to secure data at rest without encrypting them (such as using better authentication, better physical security, firewalls, using secured applications, better deterrent to social engineering attacks, etc.), but encrypting data at rest is another layer of security to make sure data is not readable when hackers get a hold of them.

The demand for encrypting data at rest is growing, especially now that more data are being moved to the cloud. Enterprise data centers are also being required to encrypt data on their storage systems, either by business or compliance need.

Luckily, IT storage companies such as EMC, NetApp, and many others are now offering encryption for data at rest on their appliances. However, encrypting data is still expensive. Encrypting and decrypting data need a lot of processing power. Moreover, adding encryption to the process may slow down the access of data. Better key management system is also needed. For instance, when using the cloud for storage, data owners (as opposed to service providers) should solely possess the keys and should be able to manage the keys easily.

The Internet will be more secure if data is encrypted not only during transit but also during storage.

When designing the IT infrastructure (servers, storage, and network) of small remote offices, infrastructure architects of large enterprises are often faced with the question, what is the best IT infrastructure solution for remote sites? Low-cost, simple, secure, and easy to support solution always come to mind, but positive end-user experience in terms of network and application performance, and user friendliness should also be in the top priorities when building the infrastructure.

Most small sites just need access to enterprise applications and to file and print services. Network infrastructure definitely needs to be built – such as the site’s local area network (LAN), wireless access points, wide area network (WAN) to connect to the enterprise data center, and access to the Internet. The bigger question though is: should servers and storage be installed on the site?

There are a lot of technologies such as WAN accelerators and “sync and share” applications that will forgo installing servers and storage on the remote sites without sacrificing positive end-user experience. For instance, Riverbed WAN accelerator products tremendously improve performance access to files and applications from the remote sites to the enterprise data center. These products can even serve up remote datastore for VMware farms. “Sync and share” applications are dropbox-like applications (such as EMC Syncplicity). Enterprises can build a storage as a service solution in their internal infrastructure. This will eliminate the need to install file servers or storage appliances on the remote sites.

The decision to “install servers” or “go serverless” at the remote sites still depends on many factors. They should be dealt with on a case by case basis and should not rely on a cookie cutter solution. Some of the criteria to consider are: the number of people at the sites and the growth projection; the storage size requirement, available WAN bandwidth, the presence or absence of local IT support, office politics, and country/region specific regulation for data to remain local. If these issues are factored in, a better solution can be designed for remote offices.

Jonas M Palencia

Principal IT Engineer :: helping companies architect, implement, secure, and operate IT infrastructure on premise and on the cloud.

Monthly Archives: February 2014

Data At Rest Encryption

IT Infrastructure for Remote Offices