Tuesday, 16 May 2017

Fire Takes Out Aussie Data Centre and Disrupts Business

A data centre fire in southern Australia disrupted numerous businesses last week, including account access among customers of UniSuper, a superannuation provider with more than AUS $56 billion in assets. Fortunately, no customer information was lost as a result of the failure and the data centre was back online a day later.

The affected data centre remains undisclosed at this time, but news reports did identify it as a facility somewhere in the Port Melbourne area. Port Melbourne is a suburb of Melbourne in the state of Victoria. News reports also indicate that the data centre is in the same general vicinity as two companies in which UniSuper is heavily invested.

No Information on Cause:

At of the time of this writing, the cause of the fire remains unknown and it could be some time before that information is released. All that is known at this point is that the data centre caught fire and, in the aftermath, UniSuper and several other businesses suffered partial shut-downs. The fact that the centre resumed operation the following day indicates the fire was not as severe as it could have been.

Data centres the world over are equipped with fire suppression systems in order to minimise the damage fire and smoke could cause. These are chemical or water systems that can extinguish fires without damaging computer hardware. It is assumed such a system is that which saved the Australian data centre.

Unfortunately, fire suppression systems themselves do not always work. A number of years ago, a Romanian data centre operated by ING suffered extensive damage from a fire suppression system test. The system made such a loud boom that the sound waves actually damaged hardware!

Fire Is Always a Risk:

Those of us within the data centre community are fully aware that fire is always a risk. The general public, on the other hand, may not realise just how much of a problem fire can be. For starters, think about the tremendous amount of heat that data centres produce on a daily basis.

Data centres have to be kept cool because excess heat can damage sensitive network hardware. But, more importantly, allowing excess heat to build up could spark a catastrophic fire. The larger a data centre is, the greater the potential for fire if cooling solutions are not designed and implemented properly.

We have seen notable data centre fires all over the world in the past. In 2016, Ford experienced a fire at its US corporate headquarters in Dearborn, Michigan. A government data centre in Ottawa (Canada) also went down in 2016 after hardware suffered severe damage due to inexplicable smoke. And, of course, who can forget the 2015 fire in Azerbaijan that decimated the country's internet service.

Thankfully the data centre fire in Australia was not serious enough to cause widespread damage and knock out services for an extended period. Hopefully, facility owners will identify what caused the fire and take corrective action to prevent it from occurring in the future.

Wednesday, 10 May 2017

Barclays Announces New Cyber Crime Initiative

With cyber crime seemingly increasing on a daily basis, one UK high street bank has decided to fight back. Barclays has launched a new nationwide initiative designed to educate consumers, businesses and authorities in how cyber crimes are carried out and what can be done to prevent them. The initiative includes £10 million for an extensive advertising campaign throughout the UK.

According to Barclays, cyber crime in the form of digital fraud is at an all-time high. In fact, digital fraud now makes up at least half of the total crime reported in the UK. Barclays suspects the numbers could be even higher when one considers how often cyber crimes go unreported. The kinds of crimes that Barclays is referring to include things like scams and digital identity theft.

Surprisingly, older people are not the most vulnerable to cyber crimes involving digital fraud. According to Barclays, that distinction belongs to young people between the ages of 25 and 34. Even more surprising is that highly educated young people in the Greater London area are the most vulnerable group in the UK.

What Barclays Will Do:

It's clear that Barclays alone cannot make a dent in cyber crime and digital fraud. Real change will be the result of banks, businesses, authorities, and the public all working together. With that said, Barclays is committed to doing its part by way of their new Digital Safety initiative.

The first part of the initiative calls for giving Barclays customers more control over how their debit cards are used. Customers will be able to set their own daily withdrawal limits and turn remote purchasing capabilities on and off by way of the Barclays app. On the education front, Barclays has a lot planned.

They now offer an online quiz designed to help people understand their own level of risk. The quiz is followed by helpful tips designed to make individuals more secure based on their answers. Barclays is hoping to help as many as 3 million consumers with the quiz.

As previously mentioned, Barclays will invest £10 million in an advertising campaign that will involve billboards, printed adverts, TV, and online efforts. The ad campaign will target the most vulnerable demographics with essential information they need to understand and the precautions they should be taking.

An updated website will include 'fraud awareness takeovers' in order to promote fraud prevention. Barclays believes that it is more important to make people secure than to sell new products, so these new takeovers will replace many of the existing elements that currently market new products to consumers.

Lastly, Barclays will begin offering educational seminars and support clinics for both businesses and retail consumers. The company hopes to reach as many as one million small and medium-sized businesses with targeted educational opportunities designed to help them reduce their fraud risks.

It is clear that Barclays is serious about addressing cyber crime and digital fraud. Kudos to them for stepping up and committing themselves so extensively.


Wednesday, 3 May 2017

New Apple Data Centre Will Help Heat Homes

It is no secret that Apple is looking to be the dominant technology company where green energy is concerned. Their new corporate headquarters in Cupertino, California (USA) is already slated to run on 100% renewable energy and Apple has made great strides in using more environmentally friendly packaging. Now they have their eyes on a brand-new data centre being built in the Jutland region of Denmark, a data centre that will utilise green energy and recycle its excess heat to help keep local homes warm.

The data centre is being partly powered by recycling agricultural waste from local farms. Apple has partnered with Aarhus University to develop a system that converts the waste into methane gas by way of a biochemical 'digester'. The methane gas can then be harnessed and used to power the facility. What the digester leaves behind becomes fertiliser for local farms.

Apple also says that the data centre will put no stress on the local power grid. Instead, it will be powered by 100% renewable energy. As such, Apple is giving back to the community in multiple ways. It is a great partnership that will benefit local residents, businesses, farmers, the University, and even Apple itself.

A Company-Wide Goal:

We should not be surprised by what Apple is doing in Denmark. After all, the company has stated numerous times that they fully intend to eventually operate all their data centres on 100% renewable energy. All their existing data centres already use renewable power to one extent or another and Apple claims as many as 96% of them are already exclusively renewable.

The renewable energy goals are not what is so surprising about the Denmark project. Rather, it is remarkable that Apple will harness the excess heat their data centre produces and return it to the community as municipal heat for homes. Apple could just as easily have turned around and used that heat as another source of power on their own premises. Instead, the local community will benefit from it.

Apple is not alone in harnessing data centre heat for other purposes. There are others who use excess data centre heat to keep their own offices warm and still others who use it to generate the hot water their facilities need. And when you stop to think about it, heat recycling strategies make perfect sense.

Data centres are not only insatiable users of power; they also produce a tremendous amount of heat. There really is no viable reason to allow that heat to escape when it can be reclaimed for so many purposes. The fact that it has taken technology companies so long to get to this point is the only thing that really surprises us about heat recycling.

Apple's new Denmark data centre will be a model of renewable energy and recycling when it finally opens. Apple might be hard-pressed to call themselves the world leader in green technology at this moment in time, but they are certainly among the industry's major players.

Tuesday, 11 April 2017

Keeping Sensitive Data Hidden

Network troubleshooting, performance monitoring, and security are daily tasks in the data centre. Add data privacy and other regulations in the healthcare, government, education, finance and other sectors and you are adding another level of complexity to your network monitoring. Network visibility solutions that recognise data patterns can help reduce business risks by inspecting the packet payload, providing insights on specific data patterns, masking data to improve data privacy and support compliance to HIPAA1, PCI2 and internal best practices or recognising patterns that alert security. 

Pattern matching uses regular expressions to define search patterns. These patterns can then be used to find strings of characters in files, databases and network traffic. One of the earliest uses for pattern matching was text editing. A user could use a regular expression to search and replace a particular string throughout an entire document using a single command.

An example of a regular expression is “\b\d{5}\b.” This expression can be used to find any five digit US zip code, such as 49017. This regular expression can be expanded to search for a nine digit zip code like 49017-3822. The expanded version of the expression is “\b\d{5}-\d{4}\b.”

After a desired string of characters is matched by a regular expression, several types of actions can be taken. Depending on the system, these actions can include:

·        Generate an alert message
·        Highlight the data
·        Mask the data by replacing each of its characters with a different character
·        Remove the data altogether

An example use for masking data is complying with privacy regulations like HIPAA or PHI. These regulations require companies and organization to protect private information, such as social security numbers, credit card numbers, and health related information.

Pattern Matching Applications:

Today, pattern matching is used in numerous applications like text editing, compiling computer programs, and protecting private data during network monitoring activities.

Protecting private data, while monitoring networks, represents one of the growing uses for pattern matching. In order to solve a network problem, a trouble shooter must monitor network traffic and examine its packet headers (e.g. Ethernet Header, IP Header, etc.). However, the payload portion of a packet may include a person’s personal information that needs to be protected.

Pattern matching can be used to mask personal data in the payload portion of each packet prior to the packet being examined. This capability assists organizations with complying with regulations like HIPPA and PHI.

Another use for pattern matching is filtering. When a match occurs, the action can be to either drop the packet or pass it. This type of application is applicable when a virus or malware is identified in a packet. In some cases, the action may include dropping the entire network session.

Typical Regular Expressions:

A typical regular expression library could include the ability to search for the following types of data:

·        Credit Card Numbers
·        Phone Numbers
·        Zip Code Numbers
·        Email Addresses
·        Postal Addresses

Typical Pattern Matching Features:

A user should easily be able to perform the following functions with a pattern matching system:

·        Have commonly used regular expressions available in a library.
·        Add additional regular expressions to the regular expression library by copying them from the plethora of expressions found on the Internet.
·        Test whether a regular expression matches a particular string without having to configure a network to send the string through the system.
·        Allow the user to mask data using a user selectable character.

APCON delivers a pattern matching feature as part of its network and security visibility solution. This allows the inspection of the packet payload to look for specific data patterns and masks the matched data, improving data privacy and supporting compliance to HIPAA, PCI and internal best practices. For an example of a network pattern matching system, check out Apcon’s new pattern matching feature on the HyperEngine packet processor blade or contact Kevin Copestake, UK & Ireland Sales Manager kevin.copestake@apcon.com / +44 (0) 7834 868628 for more information.

Compliance Regulations
1Health Insurance Portability and Accountability Act (HIPAA)
2Protected Health Information (PHI)

Guest blog by APCON.  For a link to the original blog plus related diagrams, please visit https://www.apcon.com/blog-entry/keeping-sensitive-data-hidden

Wednesday, 5 April 2017

Edge Data Centres have arrived but how resilient are they?

The massive migration of critical applications from traditional data centres to the cloud has garnered much attention from analysts, industry observers, and data centre stakeholders.  However, as the great cloud migration transforms the data centre industry, a smaller, less noticed revolution has been taking place around the non-cloud applications that have been left behind. These “edge” applications have remained on-premise and, because of the nature of the cloud, the criticality of these applications has increased significantly.

Let me explain:  The centralized cloud was conceived for applications where timing wasn’t absolutely crucial.  As critical applications shifted to the cloud, it became apparent that latency, bandwidth limitations, security, and other regulatory requirements were placing limits on what could be placed in the cloud.  It was deemed, on a case-by-case basis, that certain existing applications (e.g. factory floor processing), and indeed some new emerging applications (like self-driving cars, smart traffic lights, and other “Internet of Things” high bandwidth apps), were more suited for remaining on the edge.

Considering the nature of these rapid changes, it is easy for some data centre planners to misinterpret the cloud trend and equate the decreased footprint and capacity of the on-premise data centre with a lower criticality.  In fact, the opposite is true.  Because of the need for a greater level of control, adherence to regulatory requirements, low latency, and connectivity, these new edge data centres need to be designed with criticality and high availability in mind.

The issue is that many downsized on-premise data centres are not properly designed to assume their new role as critical data outposts.  Most are organized as one or two servers housed within a wiring closet.  As such, these sites, as currently configured, are prone to system downtime and physical security risks, and therefore, require some rethinking.

Systems redundancy is also an issue.  With most of the applications living in the cloud, when that access point is down, employees cannot be productive.  The edge systems, when kept up and running during these downtime scenarios, help to bolster business continuity.

Steps that enhance edge resiliency:

In order to enhance critical edge application availability, several best practices are recommended:
Enhanced security – When you enter some of these server rooms and closets, you typically see unsecured entry doors and open racks (no doors). To enhance security, equipment should be moved to a locked room or placed within a locked enclosure.  Biometric access control should be considered.  

For harsh environments, equipment should be secured in an enclosure that protects against dust, water, humidity, and vandalism.  Deploy video surveillance and 24 x 7 environmental monitoring.
Dedicated cooling – Traditional small rooms and closets often rely on the building’s comfort cooling system. This may no longer be enough to keep systems up and running.  Reassess cooling to determine whether proper cooling and humidification requires a passive airflow, active airflow, or a dedicated cooling approach.

DCIM management – These rooms are often left alone with no dedicated staff or software to manage the assets and to ensure downtime is avoided. Take inventory of the existing management methods and systems.  Consolidate to a centralized monitoring platform for all assets across these remote sites.  Deploy remote monitoring when human resources are constrained.

Rack management – Cable management within racks in these remote locations is often an after-thought, causing cable clutter, obstructions to airflow within the racks, and increased human error during adds/moves/changes. Modern racks, equipped with easy cable management options can lower unanticipated downtime risks.

Redundancy – Power (UPS, distribution) systems are often 1N in traditional environments which decreases availability and eliminates the ability to keep systems up and running when maintenance is performed. Consider redundant power paths for concurrent maintainability in critical sites.  Ensure critical circuits are on emergency generator.  Consider adding a second network provider for critical sites.  Organize network cables with network management cable devices (raceways, routing systems, and ties).  Label and color-code network lines to avoid human error.

A systematic approach to evaluating small remote data centres is necessary to ensure greatest return on edge investments.  To learn more, download Schneider Electric White Paper 256, “Why Cloud Computing is Requiring us to Rethink Resiliency at the Edge”.  This paper reviews a simple method for organizing a scorecard that allows executives and managers to evaluate the resiliency of their edge environments.

Guest blog by Wendy Torell, Senior Research Analyst at Schneider Electric’s Data Center Science Centre

Tuesday, 28 March 2017

How Do We Balance Security with Personal Privacy?

As the whole world knows by now, March 22nd 2017 was a deadly day in London. A man identified as Khalid Masood drove a rental car onto the pavement as he crossed Westminster Bridge, purposely hitting pedestrians as he made his way directly to the Houses of Parliament, where he exited the vehicle and stabbed a police officer to death before being shot by other officers.

In the hours following the deadly incident, police investigators learned that Masood had used the WhatsApp messaging service minutes before beginning his rampage. Police do not know what was communicated due to end-to-end encryption that prevents them from seeing the actual contents of the communications. The incident itself - along with the encrypted posts – has, once again, led the UK government to raise the question of balancing security with privacy.

End-To-End Encryption Explained

Many popular mobile apps, including WhatsApp and iMessage, use end-to-end encryption by default. With this kind of encryption, a message is encrypted at its source, sent over the network, and then decrypted by the recipient device at the other end. The server that carries the data is unable to decrypt data because it does not have the shared key.

The result of end-to-end encryption is that companies like Facebook and Apple can provide only limited amounts of data to police investigators. In the Masood case, the only way for investigators to know what he communicated is to break into his password-protected phone.

Security vs Privacy Conundrum

Government officials have made clear in the wake of this latest attack that they expect technology companies not to provide a means of online communication that cannot be accessed by authorities. Yet their calls for less secure systems fly in the face of demands that those same companies take every possible step to protect personal privacy. In essence, it would seem the government wants it both ways.

Some suggest that companies such as Facebook (owners of WhatsApp) and Apple are deploying end-to-end encryption in order to take themselves out of the equation when incidents like this occur. Whether that is true or not, they also say that making their hardware and software less secure gives their customers legitimate concerns about their own privacy.

If technology makers created an encryption system that could be accessed by authorities in the event of a crime or terrorist act, they have also created a system that can be accessed by hackers. Less secure means less secure across the board. You cannot make technology easier for authorities to access yet still more difficult for criminals and terrorists. It doesn't work that way.

The stark reality is that there is no way to balance security and personal privacy. They are weighted differently, depending on your perspective and your reasons for wanting them. In the end, one will always prevail over the other to some degree. So do we strive for greater security at the expense of personal privacy, or do we make sure privacy is still the primary concern?

Tuesday, 21 March 2017

Data Breaches Do Not Require Computers or Networks

We undeniably should be doing everything we can to prevent data breaches. But to expect that we'll ever reach a day when any and all data breaches are eliminated is unrealistic. The fact is that humans are imperfect creatures capable of making all kinds of mistakes. As a case in point, consider a recent £60,000 fine levied by the Information Commissioner's Office (ICO) against a local council that allowed a used cabinet to be sent to a second-hand shop with client files still inside.

On 20th March (2017) the ICO released a bulletin explaining that it had fined Norfolk County Council after a customer purchased a cabinet from a local second-hand shop only to discover case files still inside. Those case files contained sensitive information relating to seven children, according to the bulletin.

ICO Head of Enforcement Steve Eckersley wrote in the statement:

"Councils have a duty to look after any personal information they hold, all the more so when highly sensitive information is concerned – in particular about adults and children in vulnerable circumstances. For no good reason, Norfolk County Council appears to have overlooked the need to ensure it had robust measures in place to protect this information."

The ICO did not release a lot of details about the case, but these should be easy to deduce based on typical human behaviour. It is likely that council officials decided to dispose of the cabinet and assigned a low-level employee to clean it out in preparation for transfer. The employee failed to remove all the files from the cabinet before it left the council's facility.

Once at the second-hand shop, its employees also failed to thoroughly inspect the unit before putting it on the sale floor. It was purchased, taken home, and only then opened to reveal the case files.

Multiple Failures Along the Line

The point of our blog post is not to assign blame or to ridicule the County Council mentioned in any way. Rather, it is to show that there were multiple failures along the line that led to the new owner of the cabinet ultimately finding sensitive data. It is not unlike network data breaches that are the result of multiple failures.

In the Norfolk County Council case, the employee who cleaned out the cabinet failed to do so thoroughly. That was followed by an inadequate inspection by a member of management and those responsible for transporting the cabinet to the second-hand shop. Shop staff also failed in that they did not thoroughly inspect the cabinet prior to offering it for sale.

In the arena of network security, there are many more layers and a lot more hands buried deep in the security pie. Therefore, the potential for failure is increased. We are doing a very good job of protecting personal data stored on networks and we must continue doing our best to improve the security, however we are never going to eliminate it fully. Unfortunately, failure is part of being human.