Posts Tagged 'Hurricane'

September 9, 2014

Building a Secure Cloud-based Solution: Part I

When you begin a household project, you must first understand what you will need to complete the task. Before you begin, you check your basement or garage to make sure you have the tools to do the work. Building a secure cloud-based solution requires similar planning. You’re in luck—SoftLayer has all the tools needed, including a rapidly maturing set of security products and services to help you build, deploy, and manage your cloud solution. Over the next couple of months, we will take a look at how businesses leverage cloud technologies to deliver new value to their employees and customers, and we’ll discuss how SoftLayer provides the tools necessary to deliver your solutions securely.

Hurricane plan of action: Water: Check. Food: Check. Cloud: Check?

Let’s set the scene here: A hurricane is set to make landfall on the United States’ Gulf Coast, and the IT team at an insurance company must elastically scale its new claim application to accommodate the customers and field agents who will need it in the storm’s aftermath. The team needs to fulfill short-term computing needs and long-term hosting of additional images from the claims application, thereby creating a hybrid cloud environment. The insurance company’s IT staff meet to discuss their security requirements, and together, they identify several high-level needs:

  1. Provide secure connectivity, authentication, access control, and audit capabilities for IT administrators and users.

    SoftLayer provides VPNs, multifactor authentication, audit control logs, API keys, and fine-grained access control. This allows insurance agents to securely access claim forms and supporting documentation and connect to the application via https, using the wide range of SSL certificates (Symantec, Geotrust, and more). Plus, agents can authenticate using identity and access management solutions such as IWS Go Cloud ID and IBM Security Access Manager.
  2. Ensure that stringent data security measures are enforced.

    Data cannot be shifted across borders, and data at rest or in use must be encrypted. SoftLayer leaves data where customers place it, and will never transfer customers’ data. IBM Cloud Marketplace partners like Vormetric offer encryption solutions to ensure sensitive data-at-rest is not stored in clear text, and that customers maintain complete control of the encryption keys. Additionally, the IT team in our example would have the ability to encrypt all sensitive PHI data in database using data-in-use solutions from Eperi.
  3. Ensure multi-layered security for network zone segmentation.

    Users and administrators in the confidential area of insurance need confidence that their network is securely partitioned. SoftLayer native and vendor solutions such as SoftLayer VLANs, Vyatta Gateway, Fortigate firewall, and Citrix Netscaler allow administrators to securely partition a network, creating segmentation according to organizational needs, and providing the routing and filtering needed to isolate users, workloads, and domains.
  4. Enforce host security using anti-virus software, host intrusion prevention systems, and other solutions.

    The IT team can apply best-of-breed third-party solutions, such as Nessus Vulnerability Scanner, McAfee Antivirus, and McAfee Host Intrusion Protection. These capabilities give administrators the means to ensure that infrastructure is protected from malware and other host attacks, enhancing both system availability and performance.
  5. Define and enforce security policies for the hybrid cloud environment, and audit any policy changes.

    Administrators can manage overall policies for the combined public-private environment using IBM solutions like QRadar, Hosted Security Event and Log Management Service, and xForce Threat Analysis Service. Admins can use solutions from vendors like CloudPassage, Sumo Logic, and ObserveIT to automatically define policies around firewall rules, file integrity, security configuration, and access control, and to audit adherence to such policies.

The insurance company’s IT department already knew from SoftLayer’s reputation that it is one of the highest performing cloud infrastructures available, with a wide range of integrated and automated cloud computing options, all through a private network and advanced management system, but now it knows from experience that SoftLayer offers the security solutions needed to get the job done.

When business needs spike and companies need additional capacity, SoftLayer delivers quickly and securely. Stay tuned for Part 2 where we will talk secure development and test activities.

- Rick Hamilton, IBM Cloud Offering Evangelist

September 6, 2011

Emergency Response Services

When people ask me what I do for a living these days, I tell them I provide emergency response services. With this answer, I usually get very surprised and intrigued looks as they probe for more details about the excitement of saving lives. For those that have known me for a while, they are especially shocked since my career until recently has always entailed sitting in a cubicle, crunching numbers and manipulating spreadsheets.

I don't actually provide ERS, and I don't "technically" save lives during my work days, but I do provide emergency services for our customers, and if you ask them, they'll probably tell you I'm a little like a life saver. I tell people I'm an emergency responder as a bit of a joke, but it's actually a great way to start explaining what I do at SoftLayer. When a customer's service is disrupted (preventing them from conducting important business), we need to respond immediately and knowledgeably to get everything back online as quickly as possible.

As Server Build Technicians, we have to be alert and ready for situations where a server goes down and affects the availability of a customer's site. Being offline can often translate to the loss of revenue and this I completely understand: If I wanted to buy something on a site and I find that the site is offline, I'll probably fire up a search page and look for another vendor. The first store loses my sale because I'm so conditioned to everything being available right when I need it ... And I'm not alone in this mentality.

When I started writing this article, we were gearing up for natural disaster to hit the Washington, D.C. area over the weekend (for the first time in my career). We had to plan what needed to be done at home and work ... Because SoftLayer provides web hosting services that must be available 24 hours a day, 7 days a week, so we have to do our best to minimize any service impact. We were lucky to have avoided much of the damage from Hurricane Irene, but we still treated it as though it was heading right toward us. In addition to the employees on site, everyone was on call to be ready to come in and help if needed. For those who have never experienced a hurricane, just think of a severe thunderstorm that lasts 8 to 12 hours, resulting in widespread power outages, flooding and wind damage.

A hurricane is scary for everyone in its path, and to a certain extent, all you can do is be safe and have a plan of response. Our data center has extremely reliable power generators and staff to handle these kinds of situations; we're always prepared for the worst case scenarios for your servers so you don't have to be.

-Danny

P.S. If you've never thought about becoming a "Server Emergency Responder," I'd recommend swinging by the SoftLayer Careers page to learn more about becoming a Server Build Technician. As of right now, there are SBT positions available in Dallas, Seattle, Amsterdam, Singapore and Washington, D.C.

Subscribe to hurricane