Securing Data Vital to Personalized Customer Experiences [Feb. 20, 2015]
By Andrew Kenney
Personalization and Personal Security
Everyone loves an app that responds based on what it knows the visitor will want – a tune-up because your car is due for repairs, a doctor’s office that displays relevant schedule openings to authenticated patients – yet people remain concerned their personal information could be exposed to others. Making a convenient appointment with a doctor isn’t worth risking that an intruder will leak your medical records on Facebook because of an unprotected port between the scheduler app, patient record ID and the medical records datastore.
The consumer’s world is full of untapped benefits from connecting data on their behalf in the form of services, from the Űberfication of local services to the application of expert systems to assist busy doctors with diagnoses. As sophisticated data analysis unleashes deep insights, the resulting wave of data will produce many more avenues for malicious attackers.
Isolating servers and building layers of defense is the most effective approach to security available today. Isolation closes a physical or virtual machine on a private network to all but designated traffic. Intruders cannot probe these connections, nor can they identify the IP address of the isolated server. The network is protected by opening minimal ports, running only necessary services and securing sensitive information in transit. When passing requests from web-facing servers through encrypted tunnels, designate a single point of access for just one type of data connection so the traffic can be carefully monitored for unusual activity.
Securing the Cloud
Web services’ evolving mandate is to be invisible and reliable. We make connections between organizations and their customers transparently and quietly, keeping transactions moving while user data remains secure.
As Forrester Research put it early in the virtualization era, server virtualization is 90 percent process and only 10 percent technology — for companies linking sensitive data to the network, logical and physical isolation remain the primary strategies for enhanced security. With a logically isolated network in place, an enterprise can set up VPNs between the private network and remote data centers or other clouds in order to access information without exposing any traffic to the open Internet.
“Companies are starting to use private and public cloud for their mainstream applications, with business line metering and billing becoming more common,” Forrester research analyst Richard Fichera wrote in August 2014. “Press your vendors to deliver automation driven by simpler policies. Make them do the hard work for you and hide the complexity[.] Automation that requires heavy human involvement is contradictory to the very principles of automation.”
At Acquia, we’ve added Acquia Cloud Shield, a virtual private cloud (VPC) with VPN capabilities built on top of Amazon Web Services to provide cloud-to-cloud protection between the company’s PaaS and client devices. We created this as a response to customers’ need to ensure their Drupal apps have fine-grained control over data access and network resources, and to provide the necessary data when designing user experiences.