ON INFORMATION SECURITY

1 .What is Information Security?

Information security is the process of protecting the availability, privacy, and integrity of data.

2. Why Information Security is important?

In today's high technology environment, organisations are becoming more and more dependent on their information systems. The public is increasingly concerned about the proper use of information, particularly personal data. The threats to information systems from cyber criminals are increasing. Many organisations will identify information as an area of their operation that needs to be protected as part of their system of internal control. It is, vital to be worried about Information security because much of the value of a business is concentrated in the value of its information.

3. What is data breach?

A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. The most common concept of a data breach is an attacker hacking into a corporate network to steal sensitive data.

4. What is data breach means to organisation?

A data leak, may lead to a business loss. An organisation may lose their edge against their competitors. Potential hacking of corporate network may affect business continuity of the organisation.

5. What are the different ways to secure information?

Install proper anti-virus software into the corporate network. Installation of Unified Threat Management (UTM) is highly recommended. Strong Information Technology (IT) policy is highly appreciated. Periodically change passwords wherever applicable. Encrypt and Decrypt the data as applicable. Regular system audit may help to know about the security of the data.

6. Are there any guidelines available?

Yes, there are guidelines available. Follow the guidelines mentioned in ISO:27001 for better governance, risk and compliance.

7. Who is responsible for information security in an organisation?

The ownership varies depend upon the size of organisation. Normally in a big organisation, it is the responsibility of chief information security officer (CISO) and in small organisation it is the responsibility of System Administrator or Network Administrator.

ON STORAGE STRATEGY

1 .Why storage Strategy is important to an organization ?

In an information environment, an organization's success is tightly coupled to its ability to store and manage information. Storage systems provide a critical part of an organization's network infrastructure. With the amount of data growing at an incredible rate, your storage strategy must keep pace. In designing a storage strategy for your organization, you must select the right technology for your primary storage system, implement solid backup procedures and ensure ongoing management of the system. The storage technologies are extremely important because as the company expand, the data expand and obviously, need for storage also expand. Enterprise should have robust storage network in order to store any amount of data under any given circumstances.

2 .What is driving storage growth?

Digital Data explosion is driving storage growth. Availability of data at anytime irrespective of how old it may be is another cause that drives the storage growth. In a, knowledge driven era where information is the engine that drives enterprises worldwide, management of information is gaining utmost importance. Widespread implementation of CRM and ERP solutions have contributed towards enterprise data explosion by triggering exponential growth in the volume of information generated about partners, suppliers and customers.

3.What are the factors needs to considered while designing storage system ?

1 .Capacity

2. Scalability

3. Cost

4 Performance

5.Reliablity

6.Manageability

 

3.What are the storage options available ?

Network-attached storage (NAS	one of the on-line storage architectures that promise to deliver businesses with cost-effective, scalable, and manageable alternatives for ever-growing data requirements. Advantages stacked in favour of the NAS technology include increase in data availability, improvements in server performance, optimized data access, end-user transparency, easy setup, low installation and maintenance costs and platform-independence
Storage area network (SAN)	is excellent for moving large blocks of data, exceptional reliability, Wide availability, fault tolerance, Scalability. SAN technologies can be used in large databases, Bandwidth-intensive applications and mission-critical applications
Optical storage technologies	can play a part in an organization's storage strategy. They offer a lower-cost alternative to magnetic disks for extremely large data sets. Magnetic disks offer significantly higher performance, and their costs per storage unit consistently decline
Solid State devices	SSDs can offer incredible performance-almost instantaneous writing and reading of data

 

Let me conclude my blog with the buzz word in managing storage i.e  ‘BIG DATA’.

 

BEING IN THE CLOUD

1.WHAT IS CLOUD COMPUTING ?

It is more than anything on the internet and also more than virtualization technologies. The concise definition put forth by the National Institute of Standards and Technology (NIST) is

cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to shared pool of configurable computing resources (e.g. networks,  servers, storage, application and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

2. WHAT ARE THE CHARACTERISTICS OF CLOUD COMPUTING?

NIST's five essential characteristics of cloud computing provides enough specifics to break the myth that "the internet equals the cloud".  Neither simple web hosting  nor virtualized data centers  deliver the following  comprehensive cloud benefits:

1. On-demand self-service

2. Broad network access

3. Resource pooling

4. Rapid elasticity

5. Measured Service

3. WHAT ARE THE SERVICE MODELS AVAILABLE?

1.  Infrastructure as a Service (Iaas)

2.  Platform as a Service (PaaS)

3.  Software as a Service (Saas)

The other two service model apart from the standard service models are:

4. Data as a Service (Daas)

5.  Business Process as Service (BPaaS).

 4 .WHAT ARE DIFFERENT TYPES OF DEPLOYMENT MODELS AVAILABLE?

Cloud computing environment fall into one of four different models mentioned below:

a. Public Cloud

b. Private Cloud

c. Community cloud

d. Hybrid cloud

5. WHAT ARE THE RISKS INVOLVED IN CLOUD COMPUTING?

Many foresee 'Security of data' as a major risk involved in cloud computing.

 Multitenancy  may bring performance issue.

6. WHAT ARE THE ADVANTAGES OF CLOUD COMPUTING BEYOND COST SAVINGS?

1. Reduced resource needs

2 .Reduced time to market

3. Reduced capital expenditure

4. Increased availability

                5. Cost transparency

ON BUSINESS CONTINUITY AND DISASTER RECOVERY

In today's environment, especially in changing weather conditions pose severe threat to Business continuity. Not only, weather conditions but also hardware failure, virus attack plays havoc in business continuity. What needs to be done in this kind of situation? To have uninterrupted business continuity, proper Disaster Recovery (DR) plan should be in place. There are few questions to be asked before planning for DR.

1.  Is sufficient infrastructure in place for recovery of data if Disaster occurs?

2.  How much time will recovery take, when a disaster is declared?

3.  How much data will be lost while doing the recovery process?

4.  Is our mission-critical data is safe in the event of disaster?

The Two key points to be considered are:

Recovery time objective (RTO) :- the amount of time between an outage and restoration of operations.

Recovery point objective (RPO) :- the point in time where data is restored and reflects the amount of data that will be ultimately lost during the recovery process.

There are different models of disaster recovery.

In a dedicated model, the infrastructure is dedicated to single organization. IT infrastructure is mirrored at the disaster recover site and is ready to be called upon in the event of disaster.

In a shared recovery model, the infrastructure is shared among multiple organizations in other words cloud based recovery.

Normally in a dedicated recovery model, recovery is much faster than the shared model.

It is up to the organisation to choose the recovery model based upon their need. Normally it is trade-off between cost and speed.

It is better to seek the advice of business continuity specialist when planning for DR.