SteelFusion: Standardize Security at All Your Remote Sites
The CIO has implemented air tight security protocols around the build and provision processes in the data center (DC). Servers and applications are patched, hardened, and tested before they are allowed to go live. Teams of IT security professionals scrutinize server and application vulnerabilities and recommend industry leading best practices and solutions via a documentation control mechanism. It’s not fast, but if anyone did get through the layers of cryptography, firewalls, passwords, and processes then well done them! Solid, understood processes delivering consistent secure systems by all central IT teams. Good work.
But then there’s Dave. Dave is the new guy out in the regional headquarters (HQ) who has been hired to look after the remote branch offices in region. He’s been handed a bunch of documentation to go through to get up to speed. There’s a lot of it. Before he gets through all of it his line manager pulls him into a rush job.
“Dave, we’ve got a site where the sales reps check in once a week to update the sales database. The server isn’t responding, not for the first time, and the box needs a rebuild. Go out and see what you can do.”
No stranger to server builds and application installs, Dave sets off armed with CDs and USBs for all eventualities. He gets to site, spots the problem, and rebuilds the OS partition within a few hours and saves the day. Being no fool Dave checks in with his boss to report and asks if there’s anything else he needs to do. “Sort it out when you get back, job well done for now.”
Dave gets back to regional HQ and moves onto his next job. His boss closes the IT support case and the business keeps on running. Good work Dave.
What’s one server?
There is now a gap in the CIO’s armor, not a big one or one that will be exploited immediately, but it’s there. A server that didn’t get the right security processes applied to it due to human error and circumstance. And the big question is; how many more remote office sites and servers have slipped through? How many gaps are unknowingly growing?
And it’s not just human error that plays a part. There’s a good argument that automated processes may have detected the server on the network and hardened it without human intervention. But what if the WAN was down? What if the alarm for that site had got lost in the noise from all the other alarms? A password change or policy setting that never made it down to the server? Other more demanding projects pulling focus and resources causing distraction? Staff turnover and loss of knowledge? Politics and finances delaying works? And the list goes on…
Tasks are put off for later, done to get past a hurdle, or ignored because it hasn’t happened in the past. The weakness in most IT processes, and security, is the human factor.
If a third party breaks into the office one night and decides to walk out with an unsecured server, not only is the data unsecured but the OS as well. A simple brute force attack on the server will more than likely open up the server and the data onboard. It might “only” be regional and contained to a degree, but reputations are like a pane of glass and once it’s scratched it’s hard to remove. No one wants that customer conversation getting out to the press!
So wouldn’t it better if when the third party tried to access the data;
- They couldn’t boot the server to try a brute force attack?
- If they cracked the server the data wasn’t there?
How do you stop the double whammy of you data falling into the wrong hands AND losing it altogether?
SteelFusion and blockstore encryption
SteelFusion and Blockstore Encryption make the data inaccessible, without a password, up to the U.S Government security level of TOP SECRET when an appliance is powered off and on. This means every server and every piece of data hosted on the SteelFusion Edge Device is encrypted until an administrator unlocks it, preventing any third party from accessing anything on the disks.
With the flexibility of SteelFusion and its hyper-converged edge services, the unique ability to mix and match what you need where you need it, makes the solution highly adaptable. You can secure both the servers and the data with AES-256 data at-rest encryption lowering the attack footprint.
If you already have a mature server estate, why not secure just the data with SteelFusion? With LAN speed access in the remote office and 24/7/365 replication of the data back to the DC, even if the server leaves the building, the data is on separate local infrastructure and secure in the DC.
SteelFusion Blockstore Encryption is applied at the disk level, if the third party decided to just take the disks and then managed somehow to cobble them together into a RAID array that would read them, they would be useless. At best they have a new bunch of paper weights.
The SteelFusion Blockstore Encryption is:
- AES-256 data at-rest encryption
- TOP SECRET compliant
- Designed to be level 1 FIPS 140-2
- Meet HIPAA Requirements
Standardize and secure all your remote sites
Human error, paths of least resistance, and good old fashioned bad luck will always mean that security processes are not followed 100% of the time. With SteelFusion and Blockstore Encryption that risk is minimized by encrypting all data at rest in the remote office, regardless of server or data type, automatically.
You can’t stop every eventuality and monitor every single action, but you can lower the risk and reduce the attack footprint with SteelFusion and its native Blockstore Encryption. To find out how to bring standardized, full data security to all your remote offices, visit the Zero Branch IT site and find out more.