Distribute Your Computing, Not Your Data

Problem No. 1: Privacy. Your customers can't leave personal data all over the place any more. HIPAA, Gramm-Leach-Bliley (GLB) and the state of California all want you to be sure that any place you put data that is important to individuals is appropriately safe. And that means your laptop in O'Hare and your branch office in Tulsa better have a data security posture that's just as good as your headquarters in New York.

>> KEN PHELAN is co-founder and CTO of Gotham Technology Group, a 75-person solution provider in New York with practices including security, access technologies and infrastructure

Problem No. 2: Control. Not only do you or your customers need to put everything in a safe place, but you need to prove that you have full audit accountability for your IT systems. From our standpoint, the indisputable audit point is "safeguarding of assets." All pertinent assets—be they on that laptop in O'Hare, at that branch in Tulsa or the headquarters in New York—must be safeguarded. At a minimum, that means data must be identified and backed up in a verifiable way.

Problem No. 3: Cost. Your clients continue to suffer under the costs of distributed computing. The theory of total cost of ownership (TCO) may be in the attic with our bellbottom jeans, but with patching so prevalent it's applying for entry into the next Olympics, quantitative cost containment may warrant a new approach.

Where do companies look for solutions? Usually, there seem to be three phases to addressing the control and compliance of audit management:

id
unit-1659132512259
type
Sponsored post

Year One: "We're planning something." Year Two: "We've bought something." Year Three: "We're firing somebody." But I'd like to suggest something a little more pragmatic.

Obvious Statement No. 1: Establish enclaves. Your customers need to pull important data (the stuff covered under the privacy laws, GLB and Sarbanes-Oxley) into places where the customers know it's really safe. Then use secure publishing technologies, such as those we offer as a Citrix reseller, to ensure that people only get access to what they need when they need it. The success of this computing model also depends on the selection of a server model (see Obvious Statement 2) and a service management model, i.e., deciding who's responsible for running and managing it.

Obvious Statement No. 2: Servers belong in data centers, not branches. New technology, such as the one we represent from DiskSites, allows you to replace servers in branches or other remote locations with an appliance that is automatically replicated and provides the same performance as a local server. Look, Mom! No remote patching!

Obvious Statement No. 3: Stratify. Once your clients assets are centralized, audits and assessments can be managed more appropriately based on the value of the asset rather than the convenience of its location.

EDITOR'S NOTE: CRN welcomes letters on current news issues and guest commentaries from solution providers. Please limit your comments to no more than 550 words. Your letters or columns may be abridged for space considerations. Send suggestions to CRN Editor Heather Clancy at [email protected].