The spread of teleworking has forced companies to rethink the way they protect their IT assets. The reason for this upheaval is simple: users have left the perimeter of the internal network to connect remotely to data and applications on a daily basis. The risk is now at a high level. According to an Orange Cyberdefense study, data thefts targeting SMEs have jumped 20 to 25% since the start of the Covid-191 crisis. Organizations are therefore strengthening their protections against targeted attacks and intrusions, which endanger their data and the resilience of their business. But for leaders, the equation is difficult to solve. They need to invest, while IT treasuries and budgets are strained given the current economic context. They need to recruit new cybersecurity skills, while VSEs and SMEs face a shortage of experts. And they have to tackle complex and polymorphic threats, as the stacking of security solutions risks creating complex and costly integration. As a result, organizations today favor platforms that natively integrate suitable protection measures.
Start by asking yourself the right questions
Where do you start, then, to take an effective approach to data security? First of all, you have to ask yourself the right questions, simple but essential questions: where is the data? What is their level of sensitivity? How to best protect them according to their sensitivity? And finally, how is this data moved, especially between environments (datacenter, cloud, etc.) and networks? This first step of data discovery and classification will identify the key elements to secure: hard drives, internal servers, storage infrastructure, backup, etc. Once the sensitive systems have been cataloged, the question now arises of how. Encryption, based on standard and robust algorithms, guarantees the highest level of data protection. However, this technology poses the problem of key management. Simplifying the administration of encryption thanks to a centralized key manager is an advantage in this regard. In order to centralize and integrate security, Dell Technologies offers, for example, its OpenManage Secure Enterprise Key Manager, a tool directly embedded in Dell EMC PowerEdge servers.
SED disks: towards automated encryption
Another advantage in the field of encryption: automation. It is notably enabled by the use of somewhat specific hard disks, called SEDs. Data saved on these disks is automatically encrypted. And that’s not their only advantage. SEDs with key management system make encryption and decryption more transparent and faster for employees. Enough to allow them to concentrate on their tasks and prevent any deterioration in productivity. The PowerVault ME4 storage array integrates its supports and their adjunct a full range of protection services. Because in addition to protection against cyber attacks, business continuity also encompasses the availability of data. Snapshots, replication or ADAPT (Distributed RAID) software architecture are all responses natively present in the solution and allowing companies to meet the availability requirements. In conclusion, an effective approach to security will combine strategy and solutions. It is this combination of people and technology that will make cyber-resilience possible across the entire infrastructure.