2. ! Corporate data must be
The security landscape is changing dramatically segmented, encrypted,
backed up and monitored Breaking it down, making it secure
Archiving and
to prevent corruption and
The world is moving towards data centre centric and cloud computing, and this trend is Traditional illegal access. New data centre centric and cloud infrastructures can be broken down into the four key areas of Endpoint devices and access,
Tape Solution
the Network including Internet/WAN, the Core Data Centre and finally across all of these the need for a comprehensive Corporate
changing the way that IT infrastructures are deployed. Whilst the benefits of this
Governance and Compliance strategy.
technology transition are well understood, it introduces a whole host of new risks and
security considerations.
Storage
3 Data Centre ! Consolidation into the data
centre and virtualisation
These four key areas must now be considered when developing a comprehensive network and data security strategy. Key
Pool technology components can be combined to address the full spectrum of individual and collective security challenges in the
introduces risk due to modern world.
! Increasing user mobility and usage of smart phones, Virtual Tape
Library (VTL)
Encryption (Data and Applications)
multiple applications and
tablets and PDAs at the edge site has introduced
data being concentrated
new security risks with mobile users wanting to access Encryption
onto virtualised hardware 1 Security for the Desktop and Endpoint
SA
Endpoint Security (Host Servers)
N
centrally held data and applications anywhere, anytime.
/N
Application
AS
platforms.
Fa
Endpoint Suite Servers
br
Application
ic
Servers Content Security (Host Servers) • Safeguard data on the endpoint device • Separate work and personal activity
! Business and personal use of technology will increasingly • Protect devices against theft and illegal access • Anti Virus, encryption, spyware and malware protection
converge as users synchronise and run their work, social • Authenticate and ID users • Track stolen devices, disable data and file access
Head
and educational lives through a single device opening up Office
potential security loop holes. Core WAN
IDP / IDS
Router NAC Accelerator Dashboard
! High dependance on the Network coupled with
Load Balancer
Monitoring 2 Security for the Network
convergence of the Internet, Wide Area Network (WAN)
Authorised Third NAC N.O.C. • Deploy Firewalls to protect key access and exit points • Filter emails for harmful and inappropriate content
and Telecommunications services introduces new security, Wireless WAN Reporting
Party Access Networking Accelerator DMZ 1 Firewall • Encrypt data in transit across the Network • Filter, monitor and control website downloads and activity
performance, and management issues.
• Deploy access authentication and intrusion detection
WAN Intranet
Webserver
DMZ 2
Authentication External
Web
Endpoint Suite Webservers
Filtering
3
(FTP / WWW) Global
Policy WAN Company Security for the Data Centre
IDP / IDS
External
SSL Access
Accelerator Security
Policy ! Corporate governence and
risk management is now a • Deploy dedicated Firewalls to protect key assets • Apply access and authentication controls at all levels
Firewall Router major consideration in • Create DMZ and restricted areas • Deploy intrusion protection and alerts
Customer / Public
2 Network network security planning.
NAC
Cloud Access • Separate and encrypt business critical data • Filter and control inbound / outbound content
and Internet Remote
Email Site
Filtering
ISP Load
Internet /
Balancer
SSL
VPN
Encryption
4 Compliance for the Infrastructure
Endpoint
• Implement audit and tracking controls • Sarbanes-Oxley (SOX) and Payment Card Industry (PCI)
Cloud
Suite
• Backup and recovery • Login and access procedures
Mobile Workers • Resilience and data protection • Reporting, visibility, tracking and accountability
Key Technologies
and Small Offices
Content and Web
4 Compliance Data and Application Security Content Security Network Security Endpoint Security Compliance
Filtering WAN
Accelerator • Encryption • Email Filtering • Firewalls • Authentication and Tokens • Monitoring and Data Capture
Encryption
Firewall • Data Loss Prevention (DLP) • Web Filtering • Intrusion Detection Prevention / • Single Sign-On • Policy Management
Endpoint Suite
Router • Application Control System (IDP / IDS) • Secure Sockets Layer Virtual Private • Dashboards
• Alerts • Wi-Fi Network (SSL VPN) • Reporting Tools
Authentication
1 Endpoint
Performance and Infrastructure
• Network Access Control (NAC) • Endpoint Suite (Anti Virus, Spyware,
Malware, etc)
• Log Correlation
SSL VPN
• Load Balancing
• WAN Acceleration “IT infrastructures are changing and driving a rethink of data security deployment.
Arrow ECS security solutions can help organisations tackle security proactively and
experience the business benefits that come from good governance.”
www.arrowecs.co.uk/security Nick Bannister, Divisional Director Security Solutions, Arrow ECS