meet ben & irods 4posting - paul evans
TRANSCRIPT
BUILDING A DAM SECURE FILE SYSTEM WITH
Paul Evans, principal architect
daystrom technology group
LET’S MEET… BEN…
IT MANAGER
*DAM THINKER
OCCASIONAL SLEEPER
* DIGITAL ASSET MANAGEMENT
OPERATIONAL REALITY
BUSINESS EXPECTATIONS
WHY DOESN'T BEN SLEEP MUCH?
‘DRIVERS’ OF THE CHAOS (DATA)
indeed, we love data…
we’re good at generating more and more, but…
( we never seem to throw any of it out )
arriving too FAST
too many VARIANTS
too MUCH data
BEN’S ‘DATA’ CONCERNS….
INVENTORY
PLACEMENT & PERFORMANCE
EFFICIENCY
SECURITY
INVENTORY
➡ WHAT DO WE HAVE
➡ WHERE IS IT
➡ WHO TOUCHED IT
➡ WHEN SHOULD IT LEAVE
PLACEMENT / PERFORMANCE
MULTI-SITE MANAGEMENT
DISTRIBUTED PROCESSING
LIMITED BANDWIDTH
PROCESSING > FAST STORAGE
IDLE DATA > DURABLE STORAGE
EFFICIENCY
COST
TIME TO ACCESS
CEO EASY INVISIBLE
WHY THE SECURITY FOCUS?
“THE HACK OF THE CENTURY”
SECURITY
BOUNDARIES
TRUST
MACHINE ATTACKS
TRUST
IDENTIFYING ‘BAD ACTORS’
VIA MULTIFACTOR AUTHENTICATION
ID / PASSWORD
TOKEN
INHERENCE
GEO-LOCATION
BOUNDARIES: POROUS
ADVANCED MACHINERY
FAST SCALABLE ATTACKS
WHAT SHOULD BEN DO?
DAM SECURE !
iRODS iCAT
KEY MANAGER
THREAT ANALYTICS
SECURE FACILITY
DECRYPTION GATEWAY
DECRYPTION CLIENT
DECRYPTION CLIENT
ENCRYPTED DATA SERVER
ENCRYPTED DATA SERVER
ENCRYPTED DATA SERVER
SECURE FACILITY
TLS
MULTIFACTOR AUTH
DAM SECURE INVENTORY
POLICY-BASED INGEST
INGEST PORTAL
C4 ID
COMPRESS / ENCRYPT
ENCRYPTED PRODUCTION STORAGE
ENCRYPTED PRODUCTION STORAGE
KEY MANAGER
iRODS iCAT
RELIABLE INVENTORY
SECURE PROVENANCE
(WHAT & WHERE)
CENTRAL METADATA
(WHO & WHEN)
DAM SECURE PLACEMENT & PERFORMANCE
site one
ENCRYPTED PRODUCTION STORAGE
ENCRYPTED ARCHIVE STORAGE
PROCESSING
INGEST PORTAL
site two
ENCRYPTED PRODUCTION STORAGE
ENCRYPTED ARCHIVE STORAGE
PROCESSING
INGEST PORTAL
SECURITY: SPOT BAD ACTORS
iRODS iCAT
KEY MANAGER
THREAT ANALYTICS
MULTIFACTOR AUTH
SECURITY: NO BOUNDARIES
SECURE FACILITY
DECRYPTION GATEWAY
DECRYPTION CLIENT
DECRYPTION CLIENT
ENCRYPTED DATA SERVER
ENCRYPTED DATA SERVER
ENCRYPTED DATA SERVER
SECURE FACILITY
TLS
SELF-DEFENDING PORTABLE DATA
SECURITY: VS MACHINES
iRODS iCAT
KEY MANAGER
THREAT ANALYTICS
MULTIFACTOR AUTH
DAM SECURE EFFICIENCY
site1 site2 site3
$$$ $$$$$
ENCRYPTED PRODUCTION STORAGE
ENCRYPTED IDLE STORAGE
ENCRYPTED IDLE STORAGE
iRODS iCAT
ENCRYPTED PRODUCTION STORAGE
BEN HAS NO (DATA) WORRIES!
INVENTORY
PLACEMENT & PERFORMANCE
EFFICIENCY
SECURITY
BEN IS HAPPY THANKS TO:
technology group
LINKS
• iRODS Data Management: pixspan.com/medical_imaging.php
• Daystrom Integration: daystrom.com/technical-expertise/data-grids.html
• HGST Storage: hgst.com/company/resources/hgst-erasure-coding-and-self-protecting-technology
• C4 ID: etcentric.org/wp-content/uploads/2015/09/C4-ID-ETC-Whitepaper.pdf
• Pixspan Compression: pixspan.com/medical_imaging.php
• FireEye TAP: fireeye.com/products/threat-analytics-platform.html