Upload
randolf-washington
View
216
Download
2
Tags:
Embed Size (px)
Citation preview
Go to View/Master/Slide Master to type in header
1
Propelling Business Growth With A Secure And Continuous Information Infrastructure
Jon Murray
Go to View/Master/Slide Master to type in header
2
Information: Change in Multiple Dimensions
informationgrowth
informationtypes
informationuses
information regulations
more regulations:SEC 17a-4, NASD 3010,Sarbanes-Oxley, Basel II, UK Metadata, eSign Act, 21 CFR Part 11
(more coming!)
more growth:information stored on disk arrays growing ~60% in 2006
more uses:ERP, CRM, RFID, collaboration, data mining, discovery …
more types:transactions, documents, forms, web, images, voice, messages, reports ...
Go to View/Master/Slide Master to type in header
3
Customers’ Information Storage andManagement Challenges
CIO’s Dilemma:How to manage all the information
growth with limited resources?
Information stored on disk arrays ~ 70%
IT budget growth ~ 4 - 5%
IT environment getting more complex
SLA’s continue to expand and tighten
Protection and security increasingly important
Go to View/Master/Slide Master to type in header
4
2006 Technology Spending Priorities–CIO Survey
Source: Morgan Stanley November CIO Survey, Jan. 3, 2006
1. Security (Software)
2. Security (HW & Services)
3. Storage Area Networks
4. Wireless LAN (access points & routers)
5. Storage Software
6. Portal Software
7. VOIP Infrastructure
8. IT Education and Training
9. Storage Hardware10. Business Intelligence Software
11.Wireless LAN (clients)
12.New Custom Development
13.Routing
14.Systems Management Software
15.Application Integration Software
16.Notebook PCs
17.Document Management Software
18.Automated Testing Tool
19.Microsoft Office Upgrade
20.Application Software Server
45.Mainframe hardware
46.Printers
Go to View/Master/Slide Master to type in header
5
Security TodayAn Amalgamation of Point Products Across IT
Antivirus
Anitvirus
VPN Encryption
Authentication WebFiltering Authentication
ThreatDetection
Change/PatchManagement
LAN
Clients Servers
SAN
Disk Storage
Tape
Spyware
Firewall
Digital RightsManagement
Encryption
VaultRecovery
Management
Authentication
Go to View/Master/Slide Master to type in header
8
Security Must Become Information-Centric
Information-centric Security– An inside-out view of how to secure information
Begins with securing the data itself Moves out through layers of
increasingly intelligent infrastructure Relies on our ability to leverage
the interaction between data andinfrastructure
Important Technology• Data-level access control• Open policy decision points• Enforcement at point of use
Go to View/Master/Slide Master to type in header
9
Information Security (Confidentiality)
InformationSecurity
InformationSecurity
InformationAvailability
InformationAvailability
InformationConfidentiality
InformationConfidentiality
InformationIntegrity
InformationIntegrity
EMC’s Heritage
Protectionand
A Natural and Requested Evolution of EMC’s Data Protection Capabilities
Go to View/Master/Slide Master to type in header
10
EMC’s Security Efforts to Date
• CEO-level Mandate• Information Security Leadership Team• Company-wide Goals and Objectives
• Security-related Workshops, Assessments• EMC Vulnerability Alert Service• Documentum Trusted Content Services• EMC Secure Remote Support
• Data Erasure Service• DRM for ECM• Software-native Encryption
– Retrospect and NetWorker• Data Encryption through EMC Select
Dedicated FocusDedicated Focus
Security of OfferingSecurity of Offering
Comprehensive Information Protection
Comprehensive Information Protection
Go to View/Master/Slide Master to type in header
11
ID and AccessManagement
Threat Management
Encryption
Secure Content
Vulnerability Management
EMC Security Mission
Applications Information PeopleSystems
Security Services
PatchingVulnerability Assessment
Security Risk Management
Security ConfigurationSecurity Event Management / Managed Security
Intrusion Detect / PreventFirewall / VPN
Threat AppliancesAnti-Virus/Malware
Secure MessagingWeb Filtering
EncryptionFile / Database Security
Digital Rights Mgmt
AuthenticationAuthentication Mgmt
AuthenticationAuthentication Mgmt
Provisioning
End-to-End Information Security Management
EMC ISM
Go to View/Master/Slide Master to type in header
12
EMC’s Information-Centric Approach to Security
EMC Strategy Expose key native capabilities Repurpose existing technologies for security “use cases” Develop new products, solutions, and service offerings Partner and acquire to complete portfolio
12
Information Security Management (ISM) Information Security is an end-to-end challenge To be most effective, security capabilities must be integrated
with the information infrastructure All security offerings need to be interoperable and open
Go to View/Master/Slide Master to type in header
13
EMC RetrospectEMC Networker
EMC Secure Remote SupportEMC Documentum Trusted Content Services
VMware Assured Computing EnvironmentDigital Rights Management (with partners)
What is Happening with Information Security
?Hard to know where to start
definerequirements
establishservices catalog
identify gaps
createplan
monitoreffectiveness
hardwareNeoScale
DecruKasten ChaseCipheroptics
softwareStorage Security Assessment Service
SAN Security Best PracticesNAS Security Best Practices
Data Erasure Services
services
Go to View/Master/Slide Master to type in header
14
Secure Content Management
ACLs
MACL
EAL4
Common Criteria Testing 2
Trusted Content Services
Information Object
Go to View/Master/Slide Master to type in header
15
ESG Strategy for Enterprise Archiving
Retain
Migrate
Discover
Common Archiving Record and Storage (CARS)
Secure, scalable, and unified archive for all types of content
Rich Media
Email / IM
Desktop &File System
SharePoint
WebPaper
Applications& Reports
Classify
Go to View/Master/Slide Master to type in header
16
New Architecture for Backup, Recovery, and Archive
Extract valuable information to archive– Increases performance of production applications– Improves TCO through use of tiered storage– Recovers capacity on Tier 1 resources
Back up active production information– Backup window reduced or eliminated– Higher reliability, greater likelihood of full backups
Retrieve from archive or recover from backup– Restore requests are faster– Information that was once offline is now online via archive
ŽŒ
ŽArchiveprocess
Recoveryprocess Production
Go to View/Master/Slide Master to type in header
17
Backup and Archive are Different
Backup ArchiveA secondary copy of information Primary copy of information
Used for recovery operations Available for information retrieval
Improves availability by enabling application to be restored to point intime
Adds operational efficiencies by moving fixed / unstructured content out of operational environment
Typically short-term (weeks or months) Typically long-term (months, years, or decades)
Data typically overwritten on periodic basis (e.g., monthly)
Data typically maintained for analysis, value generation, or compliance
Not for regulatory compliance— though some are forced to use
Useful for compliance and should take into account information-retention policy
Go to View/Master/Slide Master to type in header
18
Continuity
Reduce Total Cost Improve Business Value
Minimize under-protection Flexibility to change Improving productivity
Eliminate over-protection Simplified environment Consolidated continuity
Go to View/Master/Slide Master to type in header
19
Continuity Challenge: The Common Current State
Notprotected
Under-protected
Different requirementsDifferent technologiesDifferent processes
Over-protected
Continuity Issues Survive a disaster
Achieve high availability
Prevent data corruption
Non-disruptively upgrade software and/or hardware
Do parallel processing
Move and migrate data
Restart the enterprise
Protect remote data sites
Shorten backup and restore times
Contain costs
Cannot add resources
Pain Points Inconsistent service levels
Gaps in coverage
Growth in complexity and effort
Growth in cost and risk to the business
Continuity Defined: Ensuring applications and data are available during planned and unplanned outages.
Go to View/Master/Slide Master to type in header
20
CDP to Disk
SECONDSHOURS/
MINUTES
Backup to Disk
Backup to Tape
DAYS/HOURS
Snap / Clone
MINUTES/SECONDS
Op
erat
ion
alE
ffe
ctiv
ene
ss
Decreased Recovery Time /Increased Recovery Point Granularity
Information Protection is Evolving Beyond Tape Backup…
Replication
< SECONDS
Common Recovery Management ServicesAutomated and Simplified Management Disaster Recovery, Operational
Recovery, and Testing/Migration
Common Recovery Management ServicesAutomated and Simplified Management Disaster Recovery, Operational
Recovery, and Testing/Migration
Go to View/Master/Slide Master to type in header
21
Products and Technologies
PlatformLocal Remote
SAN
Backup Recovery
SAN
Remote Information
Remote processing
Clustering across site with Storage DR aware
Multi-site
SAN
Go to View/Master/Slide Master to type in header
22
Products and Technologies
Platform Storage,
switch, and server
protection
BackupFrequent, consistent,
non-disruptive backups
RecoveryQuick,
accurate, predictable recovery
Remote Information
All critical data safe at remote
location
Remote processing Automatic processing resumption: “lights out”
Multi-siteIncreasing distance improves protection
Local Remote
Information Protection & Recovery
SRDF FamilyMirrorView
AutoStart Family
TimeFinder FamilySnapView
EMC SnapSurePowerPath
NetWorkerCelerra Replicator
RepliStor
Go to View/Master/Slide Master to type in header
23
Getting Started: Sample Customer Requirements PlanService Level Bronze Silver Gold Platinum
Service Class Non-critical Business urgent Business-critical Mission-critical
Site Type Warm site Hot site Standby site (manual failover)
Standby site (automatic failover)
RTO +/- <72 hours up to (+/-) <5 days +/- 24 hours up to (+/-) 3 days +/- 6 hours up to (+/-) 12 hours +/- 1 hours up to (+/-) 3 hours
RPO +/- 24 hours up to (+/-) 3 days +/- 24 hours up to (+/-) 3 days Sync = 0 data loss Async = acceptable data loss*(Potential for 0 data loss for
Async)
Sync = 0 data loss Async = acceptable data
loss
Recovery Service OS: restored from tape and validated
Application: restored from tape and validated
Data: restored from tape and validated
Connectivity: restored and validated
Redundancy of data: recover lost transaction and validate
Redundant site: ready (warm site)
Recovery plans: ready
OS: restored from tape and validated
Application: restored from tape and validated
Data: restored from tape and validated
Connectivity: restored and validated
Redundancy of data: recover lost transaction and validate
OS: ready Application: ready Data: ready Connectivity: repoint network Redundancy of data: store
and forward, tape back up of site
Recovery plans: ready Testing: quarterly after
significant
OS: ready Application: ready Data: ready Connectivity: repoint
network Redundancy of data: store
and forward, tape backup of site
Redundant site: ready Recovery plans: ready Testing: quarterly after
significant
Application Type Desktop applications Corporate tax systems Travel systems Human resources
Some desktop applications Corporate tax system Travel systems Payroll Document imaging
Accounting systems (ERP) Inventory control /
distribution Credit card processing Cash management
Accounting systems (ERP) Inventory control /
distribution Credit card processing Cash management
Go to View/Master/Slide Master to type in header
24
Customer Needs
“Not all information is created equal”
Tiered Storage that Is Optimized for Business Requirements
Budget Capacity Availability CompliancePerformanceBusiness Applications
ERP
CRM
Exchange
Archive
Go to View/Master/Slide Master to type in header
25
EMC RetrospectEMC Networker
EMC Secure Remote SupportEMC Documentum Trusted Content Services
VMware Assured Computing EnvironmentDigital Rights Management (with partners)
What is Happening with Information Security
?define
requirementsestablish
services catalogidentify
gapscreate
planmonitor
effectiveness
hardwareNeoScale
DecruKasten ChaseCipheroptics
softwareStorage Security Assessment Service
SAN Security Best PracticesNAS Security Best Practices
Data Erasure Services
services
where to start
Go to View/Master/Slide Master to type in header
26
Building a Next-Generation Information Infrastructure
Information protection and security
InformationLifecycle
ManagementFlexible
infrastructure
Next-Generation
InformationInfrastructure