Over the past three years, homeland security has been a major priority for North America and around the world. On a daily basis, people have been tuning in to hear the most recent information on the war on terror and determine the latest national threat level. Whether it has been Code Orange or Code Yellow, the public understands the scope of threats against our country and our U.S. neighbours and takes homeland security very seriously – as it safeguards our citizens, borders and infrastructure. Along with the physical meaning of the term, homeland security addresses information security across a wide spectrum of telecommunications, power distribution, public health, law enforcement and vital government services.
Information security consists of ongoing efforts to protect the transmission, integrity and storage of information from both internal and external threats. These threats can range from physical attacks and natural disasters to viruses and worms, hostile intelligence-gathering and even biological attack. Protection must cover data and applications, networks, equipment and facilities, as well as IT and personnel. It must also extend across governmental units and contractors.
A disaster can ultimately cripple our ability to deploy military, first responder and law enforcement resources, maintain vital services, issue drivers licences, and even collect taxes. At the same time, security and other reviews have highlighted gaps and weaknesses in capabilities to protect computers, communications and data. To address these shortcomings, government units must take immediate steps to identify information security threats, protect IT resources and ensure continuance of operations.
Both the private and public sectors are now emphasizing information security. However, information security in the public sector is complicated by both the ramifications of an attack and an abundance of disparate heterogeneous systems within and among government units.
While the private sector can limit access, many government units are required to provide access to public services. The drive toward intergovernmental and departmental information sharing, especially among law enforcement agencies, also makes it harder to balance access and security. Information superiority, or the gathering, analyzing and sharing of relevant information, facilitates the timely and effective deployment of our defence resources. In order to meet these demands, organizations are turning to an information infrastructure solution, honing in on three critical elements – consolidation, control and continuity – to more efficiently deploy and manage resources while quickly responding to adversity:
Consolidation: The consolidation of servers and storage allows for significantly higher utilization rates. Consolidation reduces the amount of storage a company needs to buy and manage and allows staff to spend less time juggling complexity and more time driving the business forward.
Control: An IT organization’s ability to manage complexity through centralized storage management enables it to “automatically” control its many devices, quickly execute tasks and assign processes across the entire heterogeneous environment. Leveraging powerful management tools to simplify storage administration will determine whether or not an organization can meet or exceed its agreed upon levels of service.
Continuity: Protecting information assets through robust business continuity can reduce the risks inherent in having numerous points of control and back-up devices. Once the above consolidation and control capabilities are in place, continuity steps in to measure and protect information while guaranteeing the safety and security of both local and remote information.
A networked storage solution sets up a single unified infrastructure that accelerates the flow of information and breaks down any barriers between diverse technologies and stove-piped infrastructures.
What’s more, it can enable IT managers to build an infrastructure that will ensure survivability and resilience by including:
Information centricity: Allows for the consolidation of information throughout the enterprise into central locations, enabling IT managers to leverage information, rather than merely managing technology. Without consolidated and shared information, an organization cannot fully meet its goals and objectives.
Heterogeneous connectivity: Unlike traditional server-based storage, an advanced information infrastructure stores, retrieves and connects to data from all major computing platforms including: both mainframe and open systems environments, networks, file servers, web servers and management interfaces.
Cascadability: Enterprise storage is cascadable, meaning it can be re-assigned over time so that it is a re-usable and non-obsolete resource, ensuring that information can be utilized – even when applications or other IT equipment are discarded, upgraded and replaced.
Information management: A common information management environment simplifies tasks and provides a centrally managed point of control. For example, it enables seamless backup and restore capability, and delivery of user performance data for every platform, while driving the standardization of IT processes throughout the enterprise.
Information sharing: Advanced software intelligence bridges stove-piped mainframe and open systems environments, allowing information to be shared without depending on traditional IP network based techniques.
Information protectionand survivability: Enterprise storage provides reliable mission continuance protection and continuity of operations against planned and unplanned outages through diverse features. This ensures maximum protection and virtually 100 per cent data availability. Together, these attributes can provide the ability to leverage a single enterprise infrastructure resulting in one way of sharing, protecting and managing information. It will help drive standardization to reduce cost, complexity and redundancy without sacrificing the flexibility to support mission critical applications. And through a flexible architecture, it has the ability to change and evolve based on requirements while eliminating the costly replication of data, equipment and training.
An information infrastructure can help government agencies manage their network-attached storage (NAS) and storage area network (SAN) environments with a unified view of all their information assets. They can then manage more information, more simply, at lower cost – and respond more quickly to changing needs.
Whether an agency’s data storage devices are from a single vendor or multiple vendors, it can consolidate all agency data into a single, centralized system. Such a system means that information can be accessed no matter where it resides, regardless of whether it is a centrally located database or a remotely connected laptop computer.
This paradigm shift from processor-centric to information-centric computing provides many benefits critical to data protection. Advanced data storage networking technology can be used to create a heterogeneous storage environment that embodies these attributes and reduces the friction of information access.
One of the key questions asked is “How many copies of information are needed to ensure its survivability?” The answer lies in an infrastructure’s capacity to replicate large quantities of information without affecting production access to the source. Through replication solutions, an infrastructure can function consistently across a wide range of operating environments and databases, at the same time as supporting local and remote wide area replication with minimal bandwidth requirements.
Commercial-off-the-shelf (COTS) solutions are readily available that provide application independent, differential, remote replication.
Government managers must also keep their eyes on the future. Advancing initiatives, architectures and technologies will deliver new security capabilities as well as threats. As with private industry, the public sector must prepare for the increasing adoption of web services and wireless technologies. Managers must also prepare to deliver the information security required by demands for the inter-governmental collaboration that breaks down inefficient organizational silos and reduces the intelligence and other gaps among various government units.
While important first steps have been taken to review government information security and address vulnerabilities, more must be done.
Information protection must become a part of agency culture and be incorporated into almost every initiative. Some are even recommending that security compliance be part of every personnel evaluation. Static security policies must be replaced with initiatives that continuously improve – and test – capabilities to protect, mitigate and recover from attacks. 064280
Nick Lisi (lisi_nick@emc.com) is managing director of EMC Canada of Toronto, a supplier of products, services and solutions for information management and storage.