In-Depth

Protecting Remote-Site Data

EdgeSecure makes it easier to protect data stored in remote locations.

• By James E. Powell
• 10/03/2006

Keeping data secure within the enterprise has always been critical, but protecting data in the field is an even trickier job. Ingrian Networks’ solution addresses this concern with a new appliance specifically designed for remote locations, EdgeSecure™ Platform.

The company’s flagship product, DataSecure, focuses on protecting data in the data center. As Derek Tumulak, director of product management, told Enterprise Strategies, “Enterprises can protect sensitive information, such as Social Security and credit card numbers, within databases and applications within the data center, so typically we protect Oracle and SQL server databases, information that flows through Java or Windows applications. With EdgeSecure, the focus shifts to retail store locations and bank branch locations.”

There’s plenty of information in play at these remote locations. The EdgeSecure appliance, which resides remotely, has a smaller form factor and interfaces with point of sale applications. “If you have a remote server or a point-of-sale server running, it can safely communicate with EdgeSecure to encrypt or decrypt information without having to go across a wide area network or the Internet,” Tumulak says.

EdgeSecure can connect to a variety of environments: Unix, Windows, OS/2, DOS, Java, even legacy environments (thanks to the XML interface Ingrian provides).

Usually, the larger the number of remote locations, the bigger the management headache. The company’s Enterprise Manager, however, lets an administrator monitor, troubleshoot, and maintain individual EdgeSecure units centrally—from managing policies to logging, reporting, and even loading software upgrades. In addition to seeing an enterprise-wide view of the installed EdgeSecure appliances, a manager can assign devices to groups (all servers in California, for example) and then set policies for the entire group—from controlling what applications can use a key and what applications can encrypt and decrypt information to time-of-day permissions (a batch job may only need to decrypt credit card information overnight, for example) and the encryption/decryption rate.

All management actions are logged, as is all cryptographic activity. Logs are maintained on the device and then streamed to the data center on a regular schedule. (The logs are also signed so they can’t be tampered with.) The log information can also be used for sending alerts (e-mail to an administrator, for example) when unusual events occur.

Appliances come with their own security concerns, however, and given that remote locations are typically less secure than a central data center, security administrators need to consider what happens if a device is stolen. Tumulak says the appliance can be set to become inoperable if it doesn’t connect back to the data center within a user-specified time period. Replacement of the stolen appliance is easy, he says, because all the information to reset the appliance is stored at the data center. A simple reconnection and the previous environment is pushed down to the replacement unit. Tumulak claims that the work to install a new device is minimal; that could mean a service call isn’t needed, and IT personnel wouldn’t be needed until it’s time to reload the unit.

Tumulak also notes that if an EdgeSecure unit fails, the data center takes over until the unit is back in operation. The process is slower, because of more overhead and bandwidth issues, but a branch location isn’t left without protection.

The standard deployment for EdgeSecure can range anywhere from 50 to 7,000 remote locations. Ingrian EdgeSecure launched on September 25 and will be available in October. More information is available at http://www.ingrian.com.