Immutable Instantaneous Insurance: the missing link in the Data Chain?
Tue 16 Feb 2021 | Robert Tribe
Rob Tribe, VP Systems of Engineering at Nutanix, calls for a logical approach to data security to protect data assets in real-time.
Modern applications process data in what is effectively a real-time format. This means that changes made in one application or data service area can instantaneously drive subsequent actions in other autonomously integrated systems. The throughput efficiency here gives us the potential for significantly expanded computing power and data analytics insight.
But as with all forms of great power, it comes with great responsibility.
As data processing approaches the speed of light (or at least the speed of quantum power), we need to balance that instantaneous ability to drive application runtimes with an equally instantaneous methodology to support data security.
By creating a new layer in our IT fabric to enable us to instantly create an immutable copy of all data created, processed and stored, we can build a safeguard against malware attacks, which can themselves be executed with near-instantaneous effect.
Permission to be permissionless
In terms of immutable instantaneous records and data management, we can of course point to the use of blockchain as an obvious route here. More accurately, we can point to the use of blockchain and blockchains (plural) as some data will be more publicly shared with partners and customers in a permissionless way, while other data will need to be kept closer to our chest on permissioned private dedicated blockchains.
But even with blockchain on board, the real instantaneous security control advantage comes from a platform-level approach.
The control factor is important for many reasons, not least of which is the fact that malware, spyware, ransomware and other forms of malicious attack-ware can be pervasive, pernicious and (unfortunately) very popular.
With global attacks happening every minute of every hour around the planet, it becomes clear that no single action, software solution, or security control can comprehensively protect any business.
A singularly multi-layered approach
We say that no single solution can solve these issues. In answer then, equally, we can say that the only prudent way forward is a multi-layered approach, often called a ‘defence in depth’ strategy.
This is the ability to use protection that exists at the application-level, the data services level, the compute stack infrastructure level, the integration layer level, the cloud datacentre backbone level and throughout the other connective tissue layers of the total IT stack.
We can call this the detect-prevent-recover cycle and it is a discipline that needs to be continuously implemented inside live production environments from data point zero, on day zero and at ground zero.
But the responsibility for building, managing, operating, updating and maintaining a multi-layered security protection layer against the multiplicity of attack vectors out there can be difficult for many organisations.
Some will find it technically and architecturally beyond the scope of their current operational fabric, some will find it cost-prohibitive and others will find it simply too tough to run at a comprehensive enough level of depth.
Depth of cloud via hyperconverged infrastructure
A natural antidote to these challenges, well suited to enterprises large and small, is to embrace more holistically the advantages of hyperconverged infrastructure (HCI), where battle-hardened security services extend from auditing to identity and access management, and onwards to application segmentation for virtual machines, in order to ensure data can exist in the safest location whenever and wherever it is needed.
This isn’t just a question of segmenting data based on basic security parameters. This is what we would call ‘Flow Microsegmentation’, i.e. the ability to extend beyond secure configurations and audits to the hypervisor layer.
This approach allows organisations to provide network and application segmentation for virtual machines, which can limit the spread and impact of a ransomware infection.
This, in real terms (and in real time) is the route to immutable instantaneous insurance.
Operating with an -as-a-Service mindset
Ransomware continues to be popular because it is effective. Established criminal organisations even offer ransomware-as-a-Service, while others have established malware-as-a-Service derivatives for banking trojans, targeted eCrime, etc. The sensible answer here involves meeting threats with protection on a like-for-like basis, i.e. malicious attacks as-a-Service demand to be met by security tools as-a-Service.
Traditional networking tools can have challenges operating in a virtual environment. To facilitate the use of virtual network-based threat intelligence tools, the safest route is Security-as-a-Service, delivered as a policy-based service insertion of network security and threat awareness tools from the cloud foundation network layer itself.
Onwards to Business Continuity & Disaster Recovery
This set of approaches carries forward from security provisioning, onwards to Business Continuity and Disaster Recovery (BCDR), which should also come from an intelligent network layer. Much like cyber defences, recovery plans should take a layered approach that is based on business needs and required operations recovery times.
Ideally, a clean snapshot from a time just before the ransomware infection will provide the quickest option to recover data.
We can travel the road to immutable instantaneous insurance and get to a point where organisations in every vertical can simplify their security process as they protect infrastructure and implement appropriate recovery solutions.
The future of work is safer once we implement the immutable instantaneous missing link in the data and application security chain.