Going fast – securely
Digitisation is opening a myriad of possibilities for businesses to create and capture value but it also creates many possibilities for those who wish to steal from them, from their customers and partners, or to disrupt the services they provide.
Petra, WannaCry, Mirai – even if the technical details seem arcane, the disruption and cost caused by cyber attacks are tangible to everyone when trains cannot run, hospitals have to postpone operations, the electricity supply fails or factories cannot produce their goods.
Many organizations are aware of the threats and take counter-measures.
However, recognising the threat posed not just to individual companies but to whole societies by digital abuse, lawmakers and regulators have mandated secure and transparent data processing both with regard to individuals’ data (the EU General Data Protection Regulation being the most recent example) and to the handling of data and secure processes in our critical infrastructure (e.g. EU NIS Directive on Network and Information Security).
Companies and organisations are obliged to be compliant. There are stiff penalties for non-compliance but the real point is that organisations which wish to enjoy their customers’ trust and to be accepted as players in new value-creation networks must be secure.
It is a part of business hygiene. It is a quality characteristic of companies aiming for growth. Security needs to be thought through end to end and the technological core is the platform on which all your data is being processed and stored.
Safety is designed into fast cars from the outset. Safety is not an afterthought, it is an integral part of a system designed to deliver speed and safety in equal measure. At Fujitsu we believe that the same should be true for cyber security.
Security by design needs to be a reflex, something that is systematically considered when designing and delivering products, solutions and services. Security design impacts the three pillars of security: people, processes and technology. Your IT infrastructure must easily integrate in this design.
Simply creating and increasing security awareness is a big step in the right direction – not only for programmers and administrators but for all users. Security levels can be increased significantly by taking very basic measures such as setting reasonable passwords, ensuring that the latest updates of operating systems and applications are installed and being suspicious of email attachments from unknown senders.
Seems obvious? Well, the Mirai denial of service attack which made many tier-one web services inaccessible in October 2016 was made possible by harnessing the computer power of many small IoT devices which had weak or non-existent passwords.
The product designers had cut corners, underestimating the potential impact of their poor default settings and users omitted to change pre-set passwords. In a highly networked environment, such carelessness can reverberate throughout the entire system.
Awareness is one thing, but maintaining security and compliance at scale requires processes. A good example is GDPR, the new EU General Data Protection Regulation.
Organizations have to keep track of what data they gather, why they gather it, where they keep it, whom they share it with and when they delete it. Organisations need to know where data resides and if and how breaches affect this data. Inflationary replication of data makes it hard to impossible to ensure compliance yet large organisations have been seen to duplicate data sets up to fifty times.
It is impossible to keep track manually of large amounts of data during its lifecycle. Processes must be established to do this. Equifax, a US credit rating company, had data sets containing 146 million names and 145 million social security numbers stolen. The loss of trust resulted in declining business, a tumbling share price and executive managers being replaced, not to mention penalties imposed by regulators.
The third element of a sound security strategy is technology. Networks, storage systems, server systems, clients and their interactions through software stacks and shared infrastructures in the cloud must themselves be designed to ensure the security of the transactions conducted with them.
Security permeates Fujitsu’s value stack. We offer products with excellent security capabilities. Our PRIMERGY servers use Trusted Platform Modules. TPM benefits include physically ensuring that a replaced hard disk can only be read by an authorised operating system.
Software and firmware security features include iRMC (integrated remote management controller) and roll-back mechanisms to prevent brick status. The most recent generation of relevant protocols is supported by all components.
Hardware level security is provided by physically lockable bezels (for tower systems) and intrusion control mechanisms. Holistic system level security is achieved by the combination of PRIMERGY and ETERNUS storage systems, which both actively support data management and encryption functions to ensure the integrity of your data storage and processing.
Our biometric technologies increase security for physical access to premises and rooms as well as logical access to IT devices and applications. We offer a broad portfolio of services to assess a customer’s security posture against key standards such as ISO 27001 or regulations such as GDPR.
We assist customers in implementing incident response procedures and support them with managed security services, which relieve much of the day-to-day burden of maintaining security. Services to analyse and optimise data management complement our offer.
Take your business into the digital fast lane – while making sure that security is embedded throughout your business: in your people, processes and technology. With a broad portfolio and more than 40 years of security experience, Fujitsu gives you the power and the confidence to excel.
Build securely on Fujitsu PRIMERGY servers. They are easy to integrate, even in complex and heterogeneous environments demanding more security.