Simultaneously protecting applications and data: The next evolution in security?
September 2009 by Imperva
In a recent Imperva podcast interview, Chad Lorenc of Agilent Technologies explained how to create a highly secure communications infrastructure for collaborating securely with outsourcing partners. The key element: the synergies between database and application protection within a single, unified view.
Lorenc, information security network and application security architect with the IT design and measurement specialist - and a customer of Imperva’s - talked about the popular issue of application security and how his company, while outsourcing a number of its IT services, maintains the highest possible levels of security on its network.
Because Agilent outsources many of its IT functions, the company has created a highly secure communications infrastructure. Web applications are accessed both internally and externally, so data has to be secured against insiders and outsiders alike. “Because Agilent is so highly outsourced, Web application security is critical—but it is joined at the hip with data,” explained Lorenc.
Agilent’s strategy, says Lorenc, is to use a three-tier IT security structure, with the firm’s external DMZ (demilitarised zone) interfacing securely with its own core IT resources.
Applying application monitoring and security was made very easy because Agilent had created a very advanced environment with many distinct places to put in choke points, monitor data, block data and do database monitoring. Imperva’s web application firewall gives visibility into how users interact with the company’s assets. This information is used to help guide and validate its application security policy.
From a data protection standpoint, discovery was an important phase to understand what assets they have, and what risks are associated with those assets. Imperva found and classified all their valuable assets so they knew what to protect.
The problem is made all the more complex, said Lorenc, by the fact that the company’s data is effectively residing in as many as 10 or 12 locations.
In the three-tier security structure, therefore, the core IT resources are interfaced securely with the DMZ, and then on to ‘true’ external IP network-connected systems.
This effectively makes the DMZ a secure virtual cloud environment in which Agilent has to ensure the maximum possible security whilst maintaining effective communications with its partners.
Lorenc describes this approach as very challenging and as requiring the use of a discovery model to ensure the best security across multiple platforms - including PHP, Ajax, Java and Microsoft .NET.
"Agilent has encountered a unique set of security challenges as a result of its unusual three-tier security architecture, but has fully met this challenge using conventional IT security technologies, bonded together to create a customised solution," said Brian Contos.
"By linking its Web application firewall technology with a disparate range of other security systems, Agilent has created a unique and highly secure hybrid VPN environment that performs smoothly, despite its complexities," he added.