How do you come up with a security system for your data centre that works almost ten years into the future, by anticipating the doubling-up of your needs every two to three years without it costing you an arm, a leg and your current data centre? A collaboration between Checkpoint Software Technologies Ltd., and DataGroupIT would be your best bet.
Chibuzo Mbuka, Presales Director, Africa, DataGroupIT, who have been providing IT infrastructure, cloud service and IT security for the last 15 years says, “We see cybersecurity as not just the challenge that affects big enterprises; everyone has that challenge. Every customer size has that challenge. This is what we have seen as we have engaged with our customers. This is what every business is facing today. It is not just all about the biggest customers. So we have solutions that fit into every customer size, industry and challenge.” The key is to help them meet compliance regulations.
“Most of our solutions use machine learning and have artificial intelligence (AI) embedded. We always tell our customers security should not be an afterthought. It should be part of the design and their application deployment,” he points out.
One of the critical challenges customers have, says Chibuzo when they want to move to the cloud, is security. “They ask, how confident are you that when I move to the cloud, all my apps are going to work? This security I have on-premises, is it going to work on the cloud? As DGIT, all our solutions are cloud-ready. You can move into the cloud with our solutions.”
Most times, when customers want to start with online security, they don’t know what comes first. DGIT came up with a model on investment in cyber securities that has six pillars: data, applications, mobile, cloud, network, and user security. That way, the client knows how to allocate budgets in different areas.
Yaron Weiler is a Product Manager at Check Point Software Technologies Ltd., partners with DGTI. He talks about Check Point Maestro for hyperscaling network security solutions has a new line up of appliances for businesses of all sizes ranging from a branch office to telco and high end, the Maestro with a threat prevention throughput ranging from, 0.58 Gbps to 190 Gbps respectively. The customer has the option of paying for precisely what they want and need in terms of configuration.
“The issue data centres managers have is, you need to renew your security solution. And you need to buy a security solution that would fit you for six to eight years from now. However, if you look at the traffic in today’s world, we see that the traffic doubles itself every three years. In some of the cases, it is even much less; every two years. It means if you need to buy something today, you need to buy something that is six or more times than you need today is roughly expected. The result is a very expensive security solution that it would be very difficult to explain and justify,” posits Yaron.
How do we leverage data security to the protection of data from unauthorised access and data corruption throughout its life cycle; such as data encryption hashing tokenisation and key management practises that protect data across all applications and platforms?
Chibuzo: Before we can think of data security, we need to understand where the data is sitting. Is it sitting in a database, in motion or at rest? There are different solutions you can apply to this. You can encrypt. Maybe to prevent access to this data, you can also consider privileged access to the data. If the data is sitting in a database, you think of a database monitoring solution or a database firewall. There are different areas within which you can protect different data in different places. The key for us is to understand the movement of data and define the critical nature of that data. Not every data is vital, and it is not every data you want to choose to protect, but we need to define the critical level of that data and know how to find the solution and how to protect it.
What is a reasonable lifetime for these devices?
Yaron: Around three or four years. Once the appliance is out of sale, we provide an additional five years of support. We are talking roughly nine years of availability and support for all the appliances. The reason we refresh appliances every three years is because appliances are all about a processing packet as fast as we can. And to do so, we need to have the most significant and latest CPU. You cannot secure today’s networks if you have a CPU that is six or seven years old. That is why we need to work with the latest and greatest. It used to be that 1GB was enough for network connectivity. Today, 10GB is not enough. We need to move in a fast forward pace to keep up with the growing security and connectivity needs.
Is there any replacement for those appliances in VM?
Yaron: Instead of a security gateway, we have a VM based solution at Check Point. We have recommended vendors and configuration that we rely on to ensure that you have the base hardware to support well-known vendors such as Dell and hp. As of today, we do not have VM supported under Maestro. Reason being we do not have any control over the hardware once it’s a VM. As Check Point, we control the CPU and all the resources, and we can manage them. But in terms of VM, the customer can upgrade on site. We have a lack of control and therefore, not able to balance the resources accordingly. The solution is, thus limited to Checkpoint appliances only. On a per-gateway basis, we do have our software running on third-party servers.
Is there any data centre security provider that have key values and differentiators? Can you mention some of the companies you have deployed?
Chibuzo: I cannot give a hypothetical example owing to the clients’ privacy. In the case of a banking institution, should the want to design security around an app. We need to look at things such as; what database is the application going to go in? Is it going to be launched over the internet? How do we protect it from internet-facing threats? We just need to understand how those solutions will be utilised then we know which solutions to put across. Though there are different solutions, we can use to solve the different solutions and challenges customers have.
You indicated that the solution work between two data centres – on-prem and on the cloud. Is there a limit as to the distance between the two?
Chibuzo: On a general note, our solutions can work both on the cloud and on-prem. Let’s take a customer that wants to move his workload to the cloud. Checkpoint has solutions that can protect you on the cloud just like the physical firewall that you have. And let’s say something like a database activity monitoring; you can also have something like that. Generally, we can provide solutions around that space.
Yaron: We usually recommend up to 10kms. This is not because of the security limitation, but because of the optic latency driven from the transceivers. Bit it has nothing to do with security. It is a physical limitation.
With tech becoming cloud-based, and all our resources soon to be hosted on the cloud, it means all security risks and aspect will be given to the cloud owner. What do you suggest for those not having their cloud?
Yaron: Under Maestro we have several security codes, each one dedicated to an aspect of the network. We can have one taking care of the in premise appliances, with another going to cloud traffic. The system can manage multiple sources of traffic and for each of them to have a dedicated appliance to manage the security. You can manage both your in-premise gateways as well as a public or private cloud in traffic.
Why is the amount of data in Gbps a factor when choosing the equipment from Checkpoint?
Yaron: Security gateways are mainly about how fast you can process packets coming into the organisation. It is all about processing power which is measured in megabit per second in the past. In today’s world, it is measured in gigabit per second. How many gigabits per second can you process? It gives you a way to evaluate the throughput that this supplies to protect your data centre.
Write to us firstname.lastname@example.org