Were you to have been asked that question some years ago, the answer most likely would have bee “I’m not sure”....
DataExpress – securely managing the transfer of files even as clouds are gathering and opportunities to “peek at the contents” attract more curiosity!
As a community NonStop users and vendors agree that the latest NonStop platforms – NonStop X and vNonStop – offer the industry’s best security. As posts and commentaries allude to (without overstressing the fact), it is widely known that a NonStop system has not been hacked to date and in this regard, we owe this key attribute in the success of NonStop to the actual software stack that is the heart of NonStop. It’s tough for a hacker – even state-sponsored hackers – to get their hands on a modern NonStop system and to try their hand at penetrating the safeguards already in place, pardon the pun! However, events of the past couple of weeks have shone the spotlight on the staff that work closely with NonStop – in many ways, the orchestrated attack involving multiple players still has the potential to create havoc.
The most recent news in this respect came out of the UK where, according to an August 6, 2019, post to FinTech Futures Almost half a million Monzo customers affected by data breach, “At least 480,000 British bank customers, a fifth of Monzo’s 2.6 million customer base, were affected by the data leak which allowed staff engineers’ access to PINs stored in encrypted log files.” This update noted that this “fintech challenger bank said it has finished deleting all the improperly stored information after discovering the error on Friday.” In an attempt to reassure their customers, the fintech then stated matter-of-factly that, “No one outside Monzo had access to these pins. We’ve checked all the accounts that have been affected by this bug thoroughly, and confirmed the information hasn’t been used to commit fraud.”
Nothing generates as much fear in the hearts of CIOs and even CFOs as the prospect of sensitive personnel information falling into the wrong hands. Monzo claims it is the bank of the future and advertises how “55,000 people open a Monzo account every week.” Perhaps more intriguing for those unfamiliar with the rise and challenges of fintechs, Monzo as a UK fintech, also advertises that its “Home is 5 minutes from Moorgate station, but we also have offices in Cardiff and Las Vegas, and lots of people around the world.” Las Vegas, of course, has us curious but then banks, fintechs or otherwise, always have demonstrated a penchant for “following the money!”
However, accidentally revealing to their staff PINs encrypted or otherwise, isn’t the sole indiscretion among financial institutions revealed of late. Perhaps more disturbing was the update coming from Capital One (the fifth largest credit card issuer) who, according to a July 30, 2019, Wall Street Journal article Capital One Reports Data Breach Affecting 100 Million Customers, Applicants , apologized over “a hacker (who) accessed the personal information of approximately 106 million card customers and applicants (and) one of the largest-ever data breaches of a big bank.” Even more chilling was the acknowledgment that, “Paige A. Thompson, 33 years old (and a former employee of Amazon Web Services) was arrested in connection with the hack Monday by federal agents in Seattle, officials said. Ms. Thompson is accused of breaking through a Capital One firewall to access customer data that the bank had stored on Amazon.com Inc.’s cloud service, according to a federal criminal complaint and people familiar with the matter.”
HPE NonStop systems have gone virtual and have the ability to be configured as guests of hypervisors running on server farms or inside clouds. With this recent development, NonStop is just a collection of virtual machines and as such, could be resident alongside other guest operating systems including Linux and Windows, indeed, as a collection of virtual machines, even the CLIMs in support of storage and comms are running as additional virtual machines. The fabric of converged Ethernet accessed via RDMA over Converged Ethernet (RoCE), may need to be given a lot more attention as the NonStop community gains experience with running virtualized NonStop – the fence around NonStop may be a lot more porous than previously acknowledged with the platform.
“As for security not only is a chain only as strong as its weakest link but they have to be long enough, high enough and encircle the camp and even then, nothing can be assured,” said DataExpress CEO, Billy Whittington. “You could say that yes, I am firmly in the camp that all data centers and their servers will be penetrated at some point with the only defense being to make what is found there totally useless – tokenization is one option; splitting up data and scattering it across sites is another; and there are many more options.”
Expanding on these observations, Whittington then added how, “Given today’s technology, everyone is moving every type of data everywhere. There are rules, requirements and regulations, and then there are a bunch of buzzwords like ‘on-the-fly encryption,’ ‘at-rest encryption,’ that represent great philosophies, but truly, there are little crevices where data is picked up de-crypted, re-encrypted, shifted in an encrypted tunnel, decrypted to be put down and it can be encrypted on-the-fly as its laid down. Each of these steps exchange keys and passphrases and have keyrings etc. and billions of dollars are spent on it annually, yet still we have headliners like those about Monzo and Capital One.”
DataExpress has been at the forefront of securely managing the movement of files. This has been our core business capability for many decades. We have experience in dealing with the porous nature of systems and platforms and we continue to come back to the importance of tokenization as a defense against the inevitable penetration that will happen, even with NonStop deployed. We aren’t wishing the worse for NonStop but understand that as a community, we all need to lift our game and to move on from any reliance we may have on NonStop having never been hacked. “Tokenization may ultimately be more important than anything else because that physically strips the critical components out of the data,” said Whittington. “Perhaps the goal is to have a set of standards that tells us what should be tokenized and then just focus on that (smaller) achievable goal.” Again its being widely discussed that the best defense is to assume that at some point penetration will happen so let’s make the data stored on NonStop useless to any outsider!
Virtualization is here. Clouds are coming. On demand consumption is just around the corner and increasingly almost all applications will be available on the basis of “as-a-Service.” DataExpress sees this as inevitable and is working with NonStop customers today. Moving files continues to be an important aspect of life inside and outside a data center but it doesn’t mean we aren’t as effected as other mission critical applications – in fact, we have to be diligent in all that we do to make sure that nothing is left to chance and that nothing is left open (to viewing) by an unauthorized party. Should you have an interest in the steps we are taking with DataExpress to better address security and would like to know how your enterprise can rest a little easier knowing your file transfers are being managed securely, then just reach out to us by phone or email. We would really like to talk to you about meeting your business needs!
email@example.com | +1.972.899.3476