Sunday 2 December 2012

IDENTITY AND ACCESS MANAGEMENT (IAM)

Identity and Access Management (IAM) comprises the people, processes and products that manage identities and access to the resources of an enterprise. The ultimate goal of an IAM framework is to provide the right people with the right access at the right time.

IAM components can be classified into four major categories: authentication, authorization, user management and central user repository (Enterprise Directory).

Authentication
This area is comprised of authentication management and session management. Authentication is the module through which a user provides sufficient credentials to gain initial access to an application system or a particular resource. Once a user is authenticated, a session is created and referred to during the interaction between the user and the application system until the user logs off or the session is terminated by other means (e.g. timeout). The authentication module usually comes with a password service module when the userid / password authentication method is used. By centrally maintaining the session of a user, the authentication module provides a Single Sign-On service, so that the user need not log on again when accessing another application or system governed under the same IAM framework.
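The session life cycle described above, as an added example that is not part of the original post: a central authentication module verifies a userid / password, creates a session, and lets any application under the same framework validate that session until logoff or idle timeout. The class name `AuthService`, the 900-second timeout and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

IDLE_TIMEOUT = 900  # seconds; assumed value, not from the original post


class AuthService:
    """Hypothetical central authentication module shared by several applications."""

    def __init__(self):
        self._users = {}     # userid -> (salt, PBKDF2 hash): the password service
        self._sessions = {}  # session token -> [userid, last_seen]

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def register(self, userid, password):
        salt = secrets.token_bytes(16)
        self._users[userid] = (salt, self._hash(password, salt))

    def login(self, userid, password, now):
        """Verify credentials; on success create a session and return its token."""
        salt, stored = self._users.get(userid, (b"\0" * 16, b""))
        # Hash even for unknown users so both failure paths cost the same.
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[token] = [userid, now]
        return token

    def validate(self, token, now):
        """Called by every application under the framework: the SSO check."""
        session = self._sessions.get(token)
        if session is None:
            return None
        if now - session[1] > IDLE_TIMEOUT:
            del self._sessions[token]  # session terminated by timeout
            return None
        session[1] = now               # activity resets the idle timer
        return session[0]

    def logout(self, token):
        self._sessions.pop(token, None)
```

Because the session lives in the central module rather than in each application, a single `logout` or timeout ends access everywhere at once.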

Authorization
Authorization is the module that determines whether a user is permitted to access a particular resource. Authorization is performed by checking the resource access request, typically in the form of a URL in a web-based application, against authorization policies that are stored in an IAM policy store. Authorization is the core module that implements role-based access control. Moreover, the authorization model can provide complex access controls based on data, information or policies, including user attributes, user roles / groups, actions taken, access channels, time, resources requested, external data and business rules.
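One way to implement the check described above, as an added example that is not part of the original post: a URL request is evaluated against rules from a policy store using role, action, access channel and time of day, with deny by default and explicit deny taking precedence. The `Policy` fields, the sample rules and the URLs are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class Policy:
    """One rule in a hypothetical IAM policy store."""
    effect: str          # "allow" or "deny"
    url_prefix: str      # protected resource; must end with "/"
    roles: frozenset     # roles the rule applies to
    actions: frozenset   # HTTP methods covered
    channels: frozenset = frozenset({"intranet", "internet"})
    hours: tuple = (time(0, 0), time(23, 59, 59))  # permitted time window


# Constructed sample policy store.
POLICY_STORE = [
    Policy("allow", "/hr/payroll/", frozenset({"hr_manager"}),
           frozenset({"GET", "POST"}), channels=frozenset({"intranet"}),
           hours=(time(8, 0), time(18, 0))),
    Policy("allow", "/hr/directory/", frozenset({"hr_manager", "employee"}),
           frozenset({"GET"})),
    Policy("deny", "/hr/payroll/export/", frozenset({"hr_manager"}),
           frozenset({"GET", "POST"})),
]


def matches(p, url, roles, action, channel, at):
    # Assumes url is already normalized (decoded once, no ".." segments).
    # Prefixes end with "/", so "/hr/directory/" never covers "/hr/directoryx".
    on_path = url == p.url_prefix.rstrip("/") or url.startswith(p.url_prefix)
    return (on_path and bool(p.roles & roles) and action in p.actions
            and channel in p.channels and p.hours[0] <= at <= p.hours[1])


def authorize(url, roles, action, channel, at, store=POLICY_STORE):
    """Return True only if some rule allows the request and none denies it."""
    hits = [p for p in store if matches(p, url, roles, action, channel, at)]
    if any(p.effect == "deny" for p in hits):
        return False  # an explicit deny always wins
    return any(p.effect == "allow" for p in hits)  # no match: deny by default
```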

User Management
This area is comprised of user management, password management, role/group management and user/group provisioning. The user management module defines the set of administrative functions such as identity creation, propagation, and maintenance of user identity and privileges. One of its components is user life cycle management, which enables an enterprise to manage the lifespan of a user account, from the initial stage of provisioning to the final stage of de-provisioning.

Central user repository (Enterprise Directory)
The Central User Repository stores and delivers identity information to other services, and provides a service to verify credentials submitted from clients. The Central User Repository presents an aggregate or logical view of the identities of an enterprise. Directory services adopting LDAPv3 standards have become the dominant technology for the Central User Repository.

Oracle, Microsoft and IBM are pioneers in IAM technology.

Saturday 3 November 2012

VIRTUALIZATION

1. What is virtualization?
In computing, virtualization (or virtualisation) is the creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system (OS), storage device, or network resources.

2. How does virtualization work?
Virtualization needs special software that runs as a virtualization layer (called a hypervisor) between the hardware and the operating system.

3. Why virtualize?
There are many reasons for adopting virtualization. A popular one is better resource utilization. It is not uncommon to see servers running at 10 percent or less of their capacity, at different points in the day. By letting several virtual servers share a single set of hardware, a much higher average utilization rate is achieved, and hardware and support costs are lowered. Virtualization also makes it easier to provision and reallocate servers. Instead of having to manually set up a server, the virtualization software can set up a server using a pre-existing template and shift server images from one physical server to another to balance workloads or improve efficiency. It can also automatically set up a new virtual server on a different machine when there is a hardware malfunction. Each application is isolated from the others, which provides greater security.

4. What are the different types of virtualisation?
1. Hardware virtualisation
2. Desktop virtualisation
3. Software virtualisation
4. Storage virtualisation
5. Network virtualisation

5. What are big challenges to virtualization technology?
Backup and restoration of virtual machines (VMs) and software licensing are big challenges to virtualization technology.

6. Who are the pioneers in the field of virtualization?
VMware (EMC) is by far the largest vendor of virtualization technology for x86 platforms.
IBM has also entered the field with its IBM Virtualization Engine Platform.
Microsoft is also playing a major role in virtualization technology with Windows Server.

Tuesday 2 October 2012

ON INFORMATION SECURITY


1. What is Information Security?
Information security is the process of protecting the availability, privacy, and integrity of data.

2. Why is Information Security important?
In today's high technology environment, organisations are becoming more and more dependent on their information systems. The public is increasingly concerned about the proper use of information, particularly personal data. The threats to information systems from cyber criminals are increasing. Many organisations will identify information as an area of their operation that needs to be protected as part of their system of internal control. It is vital to be concerned about information security because much of the value of a business is concentrated in the value of its information.

3. What is a data breach?
A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. The most common concept of a data breach is an attacker hacking into a corporate network to steal sensitive data.

4. What does a data breach mean to an organisation?
A data leak may lead to business loss. An organisation may lose its edge against its competitors. Hacking of the corporate network may affect the business continuity of the organisation.

5. What are the different ways to secure information?
Install proper anti-virus software across the corporate network. Installation of Unified Threat Management (UTM) is highly recommended. A strong Information Technology (IT) policy is highly desirable. Change passwords periodically wherever applicable. Encrypt and decrypt data as applicable. Regular system audits help to assess the security of the data.

6. Are there any guidelines available?
Yes, there are guidelines available. Follow the guidelines in ISO/IEC 27001 for better governance, risk and compliance.

7. Who is responsible for information security in an organisation?
Ownership varies depending on the size of the organisation. Normally, in a big organisation it is the responsibility of the chief information security officer (CISO), and in a small organisation it is the responsibility of the System Administrator or Network Administrator.

Monday 3 September 2012

ON STORAGE STRATEGY


1. Why is storage strategy important to an organization?
In an information environment, an organization's success is tightly coupled to its ability to store and manage information. Storage systems are a critical part of an organization's network infrastructure. With the amount of data growing at an incredible rate, your storage strategy must keep pace. In designing a storage strategy for your organization, you must select the right technology for your primary storage system, implement solid backup procedures and ensure ongoing management of the system. Storage technologies are extremely important because as the company expands, its data expands and, naturally, so does the need for storage. An enterprise should have a robust storage network in order to store any amount of data under any given circumstances.

2. What is driving storage growth?
The digital data explosion is driving storage growth. The need for data to be available at any time, irrespective of how old it may be, is another cause that drives storage growth. In a knowledge-driven era where information is the engine that drives enterprises worldwide, management of information is gaining utmost importance. Widespread implementation of CRM and ERP solutions has contributed to the enterprise data explosion by triggering exponential growth in the volume of information generated about partners, suppliers and customers.

3. What factors need to be considered while designing a storage system?
1. Capacity
2. Scalability
3. Cost
4. Performance
5. Reliability
6. Manageability
 

4. What are the storage options available?

Network-attached storage (NAS)
is one of the online storage architectures that promise to provide businesses with cost-effective, scalable, and manageable alternatives for ever-growing data requirements. Advantages in favour of NAS technology include increased data availability, improved server performance, optimized data access, end-user transparency, easy setup, low installation and maintenance costs, and platform independence.
Storage area network (SAN)
is excellent for moving large blocks of data and offers exceptional reliability, wide availability, fault tolerance and scalability. SAN technologies can be used for large databases, bandwidth-intensive applications and mission-critical applications.
Optical storage technologies
can play a part in an organization's storage strategy. They offer a lower-cost alternative to magnetic disks for extremely large data sets. Magnetic disks offer significantly higher performance, and their costs per storage unit consistently decline.
Solid State devices
SSDs can offer incredible performance: almost instantaneous writing and reading of data.

 

Let me conclude my blog with the buzzword in managing storage, i.e. 'BIG DATA'.

 

Wednesday 8 August 2012

BEING IN THE CLOUD



1. WHAT IS CLOUD COMPUTING?
Cloud computing is more than just anything on the internet, and also more than virtualization technologies. The concise definition put forth by the National Institute of Standards and Technology (NIST) is:

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

2. WHAT ARE THE CHARACTERISTICS OF CLOUD COMPUTING?
NIST's five essential characteristics of cloud computing provide enough specifics to break the myth that "the internet equals the cloud". Neither simple web hosting nor virtualized data centers deliver the following comprehensive cloud benefits:
1. On-demand self-service
2. Broad network access
3. Resource pooling
4. Rapid elasticity
5. Measured Service

3. WHAT ARE THE SERVICE MODELS AVAILABLE?
1. Infrastructure as a Service (IaaS)
2. Platform as a Service (PaaS)
3. Software as a Service (SaaS)
Two other service models, apart from the standard service models, are:
4. Data as a Service (DaaS)
5. Business Process as a Service (BPaaS)

4. WHAT ARE THE DIFFERENT TYPES OF DEPLOYMENT MODELS AVAILABLE?
Cloud computing environments fall into one of the four models mentioned below:
a. Public Cloud
b. Private Cloud
c. Community Cloud
d. Hybrid Cloud

5. WHAT ARE THE RISKS INVOLVED IN CLOUD COMPUTING?
Many foresee 'Security of data' as a major risk involved in cloud computing.
Multitenancy may bring performance issues.

6. WHAT ARE THE ADVANTAGES OF CLOUD COMPUTING BEYOND COST SAVINGS?
1. Reduced resource needs
2. Reduced time to market
3. Reduced capital expenditure
4. Increased availability
5. Cost transparency

Friday 6 July 2012

ON BUSINESS CONTINUITY AND DISASTER RECOVERY


In today's environment, changing weather conditions in particular pose a severe threat to business continuity. Not only weather conditions but also hardware failures and virus attacks play havoc with business continuity. What needs to be done in this kind of situation? To have uninterrupted business continuity, a proper Disaster Recovery (DR) plan should be in place. There are a few questions to be asked before planning for DR.

1. Is sufficient infrastructure in place for recovery of data if a disaster occurs?

2.  How much time will recovery take, when a disaster is declared?

3.  How much data will be lost while doing the recovery process?

4. Is our mission-critical data safe in the event of a disaster?

The two key points to be considered are:

Recovery time objective (RTO): the amount of time between an outage and the restoration of operations.

Recovery point objective (RPO): the point in time to which data is restored; it reflects the amount of data that will ultimately be lost during the recovery process.

There are different models of disaster recovery.

In a dedicated model, the infrastructure is dedicated to a single organization. The IT infrastructure is mirrored at the disaster recovery site and is ready to be called upon in the event of a disaster.

In a shared recovery model, the infrastructure is shared among multiple organizations; in other words, cloud-based recovery.

Normally in a dedicated recovery model, recovery is much faster than the shared model.

It is up to the organisation to choose the recovery model based upon its needs. Normally it is a trade-off between cost and speed.

It is better to seek the advice of a business continuity specialist when planning for DR.