Those of us living in the Northern Hemisphere are living through the dog days of summer fully aware that fall is just around the corner. Indeed, the further north you travel, the more inclined you will be to look for the initial sighting of fall colors, as the leaves begin to turn. With the coming of fall, there are two major events for the NonStop community – the NonStop Partner Symposium for the NonStop vendor community, followed by the NonStop Technical Boot Camp (TBC) that is open to every member of the NonStop community. As an indication what a theme will be at these events look at the many recent publications of the hacks of enterprise data centers! The theme is clearly going to include many discussions and presentations on the topic of security. Whether you wrap your data center behind industry strength bubble wrap, erect high walls and arm the battlements or simply chain the windows and doors and keep every opening under lock and key, it seems as though there is always the temptation to “give it a go” to see how far you can get. Or so the storyline goes as we read about the very sophisticated measures some parties go to in order to access your data. However, the NonStop systems that have been at the heart of many enterprises’ mission critical real-time applications have stood apart from their peers – NonStop has stood firm as almost every system around it has been hacked at one time or another. As we reminded NonStop users in the August, 2019 post to NonStop Insider, DataExpress – securely managing the transfer of files even as clouds are gathering and opportunities to “peek at the contents” attract more curiosity! DataExpress has been mindful of security since the very beginning:
“As posts and commentaries allude to (without overstressing the fact), it is widely known that a NonStop system has not been hacked to date and in this regard, we owe this key attribute in the success of NonStop to the actual software stack that is the heart of NonStop. It’s tough for a hacker – even state-sponsored hackers – to get their hands on a modern NonStop system and to try their hand at penetrating the safeguards already in place, pardon the pun!
“DataExpress has been at the forefront of securely managing the movement of files. This has been our core business capability for many decades. We have experience in dealing with the porous nature of systems and platforms and we continue to come back to the importance of tokenization as a defense against the inevitable penetration that will happen, even with NonStop deployed.”
With this in mind, and not wishing anything bad to happen to NonStop, DataExpress is ever mindful that the NonStop community should lift its game in order to maintain confidence in the secure nature of all that is running and being stored on NonStop. This topic has been covered in previous posts to this blog and we all know that in medieval times high walls, strong gates, deep moats and armored guards didn’t prevent some citadels from falling to determined armies. As DataExpress CEO Billy Whittington said in this latest post to NonStop Insider already referenced:
“As for security not only is a chain only as strong as its weakest link but they have to be long enough, high enough and encircle the camp and even then, nothing can be assured.
“You could say that yes, I am firmly in the camp that all data centers and their servers will be penetrated at some point with the only defense being to make what is found there totally useless – tokenization is one option; splitting up data and scattering it across sites is another; and there are many more options.
“Tokenization may ultimately be more important than anything else because that physically strips the critical components out of the data.
“Perhaps the goal is to have a set of standards that tells us what should be tokenized and then just focus on that (smaller) achievable goal.”
These last comments referred to sentiments within DataExpress based on our own experience with securely managing the movement of files. When you talk of Hybrid IT and of the many systems participating in such hybrids, “everyone is moving every type of data, everywhere.” More importantly is the knowledge that yes:
“There are rules, requirements and regulations, and then there are a bunch of buzzwords like ‘on-the-fly encryption,’ ‘at-rest encryption,’ that represent great philosophies, but truly, there are little crevices where data is picked up de-crypted, re-encrypted, shifted in an encrypted tunnel, decrypted to be put down and it can be encrypted on-the-fly as its laid down.”
So, is it too much to expect that rules and standards will equally apply to NonStop as to any other system? Furthermore, is it too much to expect that with technology available today, including tokenization, we can make enterprises “crown jewels” worthless to any intruder? Again it’s being widely discussed that the best defense is to assume that at some point penetration will happen so let’s make the data stored on NonStop useless to any outsider!
If you happened to have missed reading the latest feature article from DataExpress that was published in the August, 2019 issue of NonStop Insider and would like to read more of what we believe is important to the NonStop community, make sure you click on the hyperlink above or simply cut and paste this link into you browser – https://www.nonstopinsider.com/uncategorised/dataexpress-hpe-discover-and-n2tug-events-reveal-renewed-emphasis-on-hybrid-it-and-this-calls-for-nonstop-community-to-look-to-open/