Intelligent CIO Middle East Issue 74 - Page 22




The world has changed around your host systems. Today, these enterprise workhorses – rich with decades of data – don’t fit into your modern security framework. In fact, your modern security framework protects everything but your critical hosts. And yet regulatory requirements demand equal data protection for all. This white paper reveals a practical way to bring your host systems into the modern security fold – finally closing the technology gap – without jeopardising business operations.

The host stands alone
Once upon a time, host systems lived in a secure world. Host data travelled a protected path to and from a trusted terminal. The host knew who the user was, where the data came from, and where the data was going. Times have changed. Today we have open networks, service-oriented architectures, and hackers who hack faster than IT can patch. Host security hasn’t kept up. Traditional host-access security leaves data dangerously exposed in a number of ways:
Weak decentralised authentication
Simple eight-character passwords may be all that stand between a malicious hacker and your critical host data. Host-based authentication, by itself, cannot leverage the full power of the identity management system used by the rest of the enterprise.
Weak decentralised authorisation
Once logged onto the corporate network, a user has easy access to your host applications. That means an attacker need only steal a user’s eight-character host credentials to trespass into personal data fields.
Decentralised auditing
Host-access auditing is performed by each host, based on each user’s host ID. When multiple hosts are involved, security administrators have to examine the logs on each one – comparing the user ID for each host to the user ID for the enterprise – to build a complete audit trail.
Problematic encryption
Until the arrival of SSL/TLS encryption in the 1990s, data and passwords travelled between the client and the host in clear text. There was no safe haven from prying eyes. SSL/TLS solved the encryption problem, but not without a catch: Encrypted traffic cannot be monitored in the DMZ – which means IT security is forced to allow traffic through without knowing anything about the content.
Lack of centralised control
Because authentication, authorisation, and auditing can be applied only at individual hosts, the central security team cannot effectively monitor and enforce the use of enterprise security policies.