WHAT'S NEXT?
When we look to the future, we actually see an increasing role for the Cloud. Partly due to the pandemic that has gripped the world for almost two years now, digitalisation has taken a big leap and passed this veritable baptism of fire with reasonable success. Workplaces have become a lot more digital, all kinds of applications and services can be accessed anytime, anywhere. But, this is not without danger. The very fact that it is possible to access online anywhere also increases the attack vectors. Protecting data is more than ever a hot topic.
PROTECTING DATA ON THREE LEVELS
Two years ago, no one would have imagined that we would all be working from home for such long periods of time. And what turns out? The popularity of digital applications has skyrocketed. Even as corona is gradually fading into the background, the success of the digital workplace is thundering on. But does this mean we are done with this? No, certainly not. In fact, it is vital that these workstations and the applications used are properly secured. Often, this place where applications and company data were used and stored could only be found at an office location in a closed network. Now, these are far more accessible outside office locations and therefore theoretically accessible to outsiders.
So, it is important to protect data to the maximum extent possible and at Fundaments, we like to work on future-proof solutions. We therefore approach protecting data, from three different angles.
- Data path - architecture
Protection at the first level consists of Security by Architecture. Here, it is important that an application is preferably not accessible via the Internet, but via smart alternatives such as links via private lines, or network platforms like the NDIX or NLIX. In addition, we provide smart checkpoints in the data path: next-gen firewalls such as those from Fortinet. These are firewalls that not only act as a gate or door by closing or opening a path, but are much smarter. These so-called next-gen firewalls are able to recognise patterns and, based on behaviour of data in a path, close access. For this purpose, from central databases, where a lot of attack patterns are stored, attacks are recognised very quickly and can be acted upon. At a higher level, this also happens with internet traffic; Fundaments' DDoS laundry lane takes care of filtering attack traffic and ensures that legitimate traffic can still walk a data path. Through these smart steps, we can already protect a lot of data traffic and thereby ensure that the path remains ‘clean’. - Data Protection - Backup and Disaster Recovery
The second layer of protection deals with continuity, which is Back-up and Disaster Recovery services. A backup is a copy of your data in another location, protecting data in case of human error, theft or technical problems, for example. Disaster Recovery adds to this. It is not just a copy of the data, but a completely mirrored environment. This ensures minimal data loss and downtime. Fundaments advocates combining these services; Back-up for long-term archiving and ensuring that a second copy of important data is available at another location; and with Disaster Recovery, a mirrored environment can be used to quickly restore a production environment in the event of problems; and then it's not even about major disasters. Precisely because of digitalisation, we see that throwing away a small file or an application update going wrong can already have major consequences. Protecting data as well as the application housing the data is therefore very important. - Data flow - monitoring
A rapidly developing world is one in which solutions are provided for analysing data flows; this involves data flows running across paths, similar to next-gen firewalls, scanning for abnormal behaviour on other parts of the Cloud, in applications, operating systems, but also on virtualisation layers. Within our Cloud, we constantly monitor data flows. In doing so, we are helped by smart solutions that integrate with our infrastructure. For instance, we hook onto the data flows of VMware's virtualisation. With VMware NSX's network integrations, we can look at data exchange on a much more specific level. But things like setting up a honeypot can also be a solution in this. This solution provides imitation of an easily accessible service that a hacker might find interesting; contact with the honeypot is reported which enables early detection of suspicious behaviour. Coupling 24/7 monitoring and automatic follow-up with this creates a powerful combination of monitoring solutions that can detect and mitigate any kind of attack.
