Hi, welcome to RDX. When a mission-critical system becomes unavailable, it can threaten the survivability of an organization. That’s why RDX has a Database Operations Center team responsible for the proactive monitoring of all clients’ environments, 24×7.
Our monitors are custom tailored for every environment we support, and our specialists are trained in database and operating system problem resolution. This combination delivers peace of mind for our clients, who know the Database Operations Center is watching out for their highly available, high performance, and mission-critical environments. If a major problem does transpire, our experts notify the client immediately – creating a game plan on how to resolve the situation.
Thanks for watching! Next time, we'll discuss our platform-specific solutions.
Welcome to RDX! For those using Oracle products, Oracle’s October critical patch update contains an unusually high number of security bug fixes.
ZDNet contributor Liam Tung noted that Oracle released patches for 155 security flaws in 44 of its products on October 14th. These include 25 security fixes for Java SE. The components affected include Java SE, Java SE embedded, JavaFX and JRockit. The highest Common Vulnerability Scoring System (CVSS) rating among the Java fixes was a 10, the highest rating available.
Also included are 32 fixes to Oracle Database Server products, with at least one receiving a CVSS rating of 9, 17 fixes for Oracle Fusion Middleware, 4 fixes for Oracle Retail Applications, 15 fixes for Oracle Sun Systems Product Suite and 24 for Oracle MySQL.
Many of these vulnerabilities may be remotely exploitable without authentication.
Thanks for watching!
Hi, and welcome to RDX. In this portion of our "services" series, we'll discuss how we provide companies with all of their database administration needs.
With RDX's full DBA support services, we become your DBA team and assume complete responsibility for the functionality, security, availability and performance of your database environments. We know that each company has unique goals and demands, which is why we also implement guidelines and protocols based on your organization's specific requirements.
In addition, we're willing to fill in any DBA role from our offerings that your company may need. You get the expertise and best practices of over 100 DBA experts for less than the cost of a single in-house resource.
Thanks for watching! Stay tuned for other ways to work with RDX soon.
System and database administrators from health care institutions are facing several challenges.
On one hand, many are obligated to migrate legacy applications to state-of-the-art electronic health record solutions. In addition, they need to ensure the information contained in those environments is protected.
Operating systems, network configurations and a wealth of other factors can either make or break security architectures. If these components are unable to receive frequent updates from vendor-certified developers, it can cause nightmares for database administration professionals.
Windows XP no longer a valid option
When Microsoft ceased to provide support for Windows XP in early April, not as many businesses upgraded to Windows 7 or 8 as the software vendor's leaders had hoped. This means those using XP will not receive regular security updates, leaving them open to attacks as hackers work to find vulnerabilities in the OS.
Despite continuous warnings from Microsoft and the IT community, Information Security Buzz contributor Rebecca Herold believes that a large percentage of medical devices currently in use are running XP. Her allegations are based on reports submitted by health care electronics producers that stated they leverage XP for the sensors' graphical user interfaces, as well as to create a connection to external databases.
Because Microsoft has yet to release the source code of XP, health care companies using these implementations have no way of identifying vulnerabilities independently. Even if the source code was distributed, it's unlikely that the majority of medical providers could use in-house resources to search for security flaws. The only way to defend the servers linked with devices running XP is to employ database active monitoring.
Public sector experiencing vulnerabilities
Healthcare.gov apparently isn't picture-perfect, either. Fed Scoop reported that white hat hackers working for the U.S. Department of Health and Human Services' Office of the Inspector General discovered that personally identifiable information was secured, but some data controlled by the Centers for Medicare and Medicaid Services lacked adequate protection.
After an assessment of CMS and databases was completed, the IG advised the organization to encode files with an algorithm approved by Federal Information Processing Standards 140-2. However, authorities at the CMS deduced this wasn't necessary.
Although this wasn't the first audit of Healthcare.gov (and it likely won't be the last), the information held within its servers is too valuable for cybercriminals to ignore. Setting up an automated, yet sophisticated intrusion detection program to notify DBAs when user activity appears inconsistent is a step the CMS should strongly consider taking.
The post Public, private health care systems possess security vulnerabilities appeared first on Remote DBA Experts.
Hi, welcome to RDX. With news about data breaches sweeping the Web on a regular basis, it's no surprise that the latest victim was a major U.S. bank.
According to Bloomberg, hackers gained access to a server operated by JPMorgan Chase, stealing data on 76 million homes and 7 million small businesses.
After further investigation, the FBI discovered the hackers gained access to a server lacking two-factor authentication. From there, the hackers found fractures in the bank's custom software, through which JPMorgan's security team unknowingly gave them access to data banks.
To prevent such attacks from occurring, firms should regularly assess their databases and solutions to find vulnerabilities.
Thanks for watching! Be sure to visit us next time for info on RDX's security services.
Have what it takes to enhance your open source databases?
Welcome back to the RDX blog. Whether you prefer to store your information in MySQL or PostgreSQL, we can provide you with a complete range of administrative support.
In addition to 24×7 onshore and remote service, our staff can deploy sophisticated monitoring architectures customized to fit both MySQL and PostgreSQL. This ensures your data is available at all times.
Speaking of accessibility, our experts are well-versed in advanced PostgreSQL tools, such as the new Foreign Data Wrapper. According to Silicon Angle, this function enables staff to easily pull remote objects stored in analytic clusters.
Thanks for watching, and be sure to join us next time.
Electronic health records are becoming a regular part of the healthcare industry, but are organizations taking the right measures to secure them?
Hi, welcome to RDX. EHR systems can help doctors and other medical experts monumentally enhance patient treatment, but they also pose serious security risks.
SC Magazine reported an employee of Memorial Hermann Health System in Houston accessed more than 10,000 patient records over the course of six years. Social Security numbers, dates of birth and other information were stolen.
In order to deter such incidents from occurring, health care organizations must employ active security monitoring of their databases. That way, suspicious activity can readily be identified and acted upon.
Thanks for watching! Be sure to join us next time for more security best practices and tips.
When it comes to storing data produced by Internet-connected devices, relational databases may not make the cut.
The push for NoSQL environments is growing in tandem with the pace at which the number of wearable machines and industrial sensors is increasing. Database administration services are customizing systems to fit the needs of manufacturers, hospitals, retailers and other companies investing heavily in the Internet of Things.
The rise of the Industrial Internet
General Electric has expressed a considerable amount of interest in the technology, equipping its wind turbines, jet engines, locomotives and other machines to boost efficiency. The goal is to develop smarter implementations that will cumulatively save economic sectors hundreds of billions of dollars.
To achieve this goal, GE is partnering with Cisco, Intel and Verizon to create intelligent factories and public infrastructures, according to InformationWeek. For example, while Cisco's rugged routers will be placed throughout a facility, Intel's chips and servers will support computations. To enable GE's sensors to use these assets, Verizon will provide networking. With this environment, GE's devices will be able to perform predictive maintenance, power optimization and other tasks.
GE isn't preventing organizations from customizing these platforms, either. InformationWeek noted the company is developing Predix, a data aggregation and processing solution that's based on open-source technologies. This enables GE customers to create their own algorithms, code and data sources.
How it affects database administration
As distributed machines communicate with one another, produce native data and draw conclusions of their own, storing such information in SQL databases isn't the best option, noted IoT World contributor Sherly Mendoza. The issue comes down to how these environments store information.
While SQL systems offer consistency and reliability, Mendoza maintained they require a lot of processing power to manage indexes and buffers as well as lock, latch and log data. In addition, although database experts can mitigate this problem, relational databases aren't easy to scale.
The solution lies in non-relational servers, which don't require administrators to assign information to schemas. The result is an architecture composed of simple data structures that can be manipulated and adjusted as professionals require. Because the data produced by the IoT is primarily unstructured, this makes NoSQL databases the optimal choice.
One key advantage of NoSQL environments is their ability to pull and organize data distributed across multiple servers. This means they can also scale across two machines or more, making hardware capacity less of a concern.
Preparing for the IoT boom requires considerable knowledge of non-relational databases, as well as the staff capable of enhancing these implementations.
Want the benefit of managing an open source database? Oracle's looking to help you.
Welcome to RDX. Oracle Enterprise Manager will now include administration and monitoring functions for MySQL, the world's most popular open source relational database.
Database Trends and Applications noted that cloud and on-premise MySQL versions will receive a new line of backup, auditing and encryption functions to help database experts reinforce security. In addition, Oracle Enterprise Manager enables MySQL database users to monitor availability, measure performance and boost performance, as well as configure thresholds.
Thanks for watching!
Welcome to RDX. For our retail customers, the holiday season is a critical time of year for revenue generation. The increased activity can put additional stress on transactional databases.
Here are some best practice suggestions to ensure your databases are ready for the holiday season from RDX Director of Technical Sales, Katy Park:
Put in a High Availability solution if you do not have one.
Secondly, run a test of your DR plan to ensure you can meet your time to recovery objectives.
Ask your DBA for code tuning suggestions for queries that are run often and utilize a lot of resources.
You should also consider removing the reporting load from your transactional database if reports are currently running on the production server.
And finally, review object sizes and maximum server capacities.
Thanks for watching, and we'll see you next time!
Think hackers are only after your credit card numbers? Think again.
Hi, welcome to RDX. While the U.S. health care industry is required by law to secure patient information, many organizations are only taking basic protective measures.
According to Reuters, the FBI stated Chinese cybercriminals had broken into a health care organization's database and stolen personal information on about 4.5 million patients. Names, birth dates, policy numbers, billing information and other data can be easily accessed by persistent hackers.
Databases holding this information need to employ active monitoring and automated surveillance tools to ensure unrestricted access isn't allowed. In addition, encrypting patient files is a critical next step.
Thanks for watching. For more security tips, be sure to check in frequently.
Whether to host applications or increase storage, migrating workloads to cloud environments is a consistent trend. However, many database support services are discovering that businesses unfamiliar with the technology often don't know where to begin.
It appears more enterprises will need guidance in the near future. Business Cloud News conducted a survey of 312 IT professionals across the United Kingdom, Europe and North America, finding 40 percent of participants believe 30 to 70 percent of their IT assets will be hosted in the cloud in the next two years.
So, what are some pain points interested parties should be cognizant of?
1. A lack of in-house capabilities
It's a point organizations have made in the past, but still deserves acknowledgement. Although in-house IT staff members are capable of sanctioning the transition from on-premise systems to a cloud environment, many require extensive instruction before they can do so. Even after training is completed, their lack of experience will likely cause interruptions.
In this regard, outsourcing is a safe choice. Hiring remote DBA experts to work with existing teams to migrate all applications and storage to a cloud infrastructure will expedite the process while also ensuring long-term issues don't persist.
2. Look at what applications are connected to
Hybrid cloud deployments are quite common among organizations that want to host a portion of their IT assets in the cloud, but retain full back-end control over critical applications.
Suppose a company that leverages a hybrid environment wants to transition its enterprise resource management solution to a hosted atmosphere. However, the ERP's file stores reside in on-premise servers. In order for the ERP solution to undergo migration, the file stores it depends on to operate must be relocated beforehand.
3. Observe indirect connections
Some on-premise deployments may seem isolated from other implementations but encounter hindrances when operating in the cloud. TechTarget noted one example detailed by Robert Green, principal cloud strategist at IT consultancy Enfinitum, who stated one of the firm's clients migrated an application to a public cloud environment without conducting a thorough assessment prior to initiation.
What the company failed to recognize was that on-premise firewalls that assessed and filtered Internet traffic would directly impact its employees' ability to access the cloud-hosted application. When 400 users attempted to use the software, the firewalls became overloaded. In the end, the Enfinitum client lost $10 million because its workers were unable to use the application.
If these three points are carefully considered, enterprises will be successful in all their cloud migration endeavors.
Unsure of how IT will impact enterprises in the near future?
Hi, welcome back to RDX! CIOs will probably encounter a number of challenges in the years ahead. The Gartner Symposium will feature presentations on strategic IT procurement, critical industry trends and how businesses can gain value from the latest technologies.
The conference will be held at the Dolphin Hotel in Orlando, Florida from October 5th to the 9th. Notable speakers will be Microsoft CEO Satya Nadella and Lyft Inc. President and Co-Founder John Zimmer.
As you can imagine, we'll be informing attendees about our database monitoring and optimization services. If you want to find us, we'll be located at Booth 206 during show floor hours.
Thanks for watching! Can't wait to see you in Florida!
RDX’s IT Process Automation Strategy
Remote DBA Experts (RDX) is the largest pure-play provider of remote data infrastructure services. We have been providing remote services for over 20 years, which also makes us one of the pioneers in this space. We currently support hundreds of customers and thousands of database implementations.
Remote data infrastructure services is an extremely competitive market arena. Our competitors range from “2 guys in a garage” to major outsourcing providers like IBM and Oracle. Improving and enhancing our support architecture isn’t just something beneficial to RDX; it is critical to our competitive survival.
One of our primary responsibilities at RDX is to research and evaluate leading-edge OS, database and application support technologies. The goal of these efforts is to ensure that RDX customers continue to receive the highest level of value from RDX’s support services. RDX’s strategy is to continue to be pioneers in the remote services space – just as we were 20 years ago. One of the key technologies that RDX is implementing to ensure our continued leadership as a remote services provider is IT Process Automation.
What is IT Process Automation?
Process automation, because of its wide range of application, takes many forms. Manufacturing companies have been using industrial robots to replace activities traditionally performed by humans for some time. Business process automation shares the same goal: to replace business functions performed by humans with software applications. Work activities that are repetitive in nature and require little intelligent analysis and decision making to complete are prime candidates for process automation.
Business software applications, by their essence, are designed to automate processes. Software programmers create intelligent decision trees to evaluate and refine stored data elements and display that processed data for human interaction or automate the decision making process entirely.
Automation products are designed to act upon stored data or capture it for processing. The data is analyzed using workflows (decision trees) and embedded rules. The automation product then performs a prescribed set of actions. The automation product can continue processing by executing additional workflows, prompt for human intervention or complete the process by performing an activity.
For the context of this article, IT Process automation is the implementation of software to programmatically automate routine (little decision making required), repetitive workflows and tasks performed by IT knowledge workers.
The Automation Tool Marketplace
A highly competitive market forces all automation vendors to accelerate the release of new products as well as enhancements to existing offerings. Automation vendors know that new features and functionalities are not a requirement for competitive advantage; they are a requirement for competitive survival. The more competitive the space, the greater the benefit to the consumer. Vendor competition will ensure that automation products become more intelligent, more cost effective and easier to implement and administer.
As the number of features provided by automation products grows, so does the importance of taking advantage of those new features. Automation product licensing and vendor maintenance contracts command a premium price in the marketplace. To gain the most return on their investment, companies must ensure that they are completely leveraging the benefits of the particular automation product being used. Understanding all of the inherent features is important, but selecting the features that bring each individual implementation the most benefit is the key to success.
The endless array of automation offerings adds complexity to product selection. IT automation product features and functionality span the spectrum from niche offerings that focus on automating a very well-defined, specific set of tasks to products that provide a complete framework and set of tools designed to generate more global efficiencies by automating a wide range of activities. More traditional software vendors, including database and monitoring tool providers, realize that automation features provide their offerings with an advantage over competitors’ products.
RDX’s Automation Strategy
Process automation products have been on RDX’s technological radar for years. Various products provided bits and pieces of the functionality we required, but we were unable to identify an offering that provided a total automation solution.
Like many shops, RDX interwove various scripts, programs and third-party products to automate repetitive tasks. Automation was done in an ad hoc, opportunistic manner as the tasks were identified. RDX’s challenge was to select and implement a product that would provide a framework, architecture and set of tools that RDX could utilize to implement a company-wide automation architecture. The goal was to transform RDX’s automation activities from opportunistic and ad hoc to a strategic initiative with a well-defined mission statement, clear set of achievable goals and detailed project plans with deliverables to obtain them.
RDX’s Process Automation Goals
RDX has two primary sources of repetitive tasks:
- Customer event data collection, diagnosis and resolution
- Internal support activities
Our goals for our automation strategy can be summarized into the following main points:
- Improve the quality and speed of problem event analysis and resolution. Faster and higher quality problem resolution equals happy RDX customers.
- Increase staff productivity by reducing the number of mundane, repetitive tasks the RDX staff is required to perform
- Reduce operating costs through automation
Our environment is not entirely unique. Our service architecture can be compared to any IT shop that supports a large number of disparate environments. The resulting challenges we face are fairly common to any IT service provider:
- RDX’s desire to provide immediate resolutions to all performance and availability issues (reduce Mean Time to Resolution)
- RDX looking to respond to client events with more accuracy
- Implement a software solution that allows RDX to capture and record pockets of tribal knowledge and leverage that subject matter expertise by transforming it into automated processes to foster a culture of continuous process improvement
- Reduce the amount of time RDX spends on both customer-facing and internal repetitive tasks to allow our support professionals to focus on higher ROI support activities
- Provide the ability to quickly prove audit and compliance standards through report logs capturing the results of each automation task
- RDX’s rapid growth requires us to process an exponentially increasing number of event alerts and administrative activities. The continuous hiring of additional resources to manage processes and data is not a scalable or cost-effective solution
RDX’s Automation Product Selection
RDX performed a traditional vendor analysis using a standardized evaluation methodology. A methodology can be loosely defined as a body of best practices, processes and rules used to accomplish a given task. The task in this case is to evaluate and select an automation product provider.
A needs analysis was performed to generate a weighted set of functional and technical requirements. The focus of the analysis was on selecting a product that would help us achieve our goal of implementing a strategic automation solution, as opposed to just buying a product. If we were unable to identify a solution that met our requirements, we were willing to delay the vendor selection process until we found one that did.
RDX selected GEN-E Resolve as our automation tool provider. GEN-E Resolve was able to provide the “end-to-end” architecture we required to automate both customer event resolution and RDX internal processes. GEN-E Resolve’s primary focus is on the automation of complex incident resolution and is a popular product with large telecommunication providers that support thousands of remote devices. What RDX found most beneficial was that the product did not require the installation of any software on our customers’ servers. All processing is performed on RDX’s Resolve servers running at our data center.
RDX’s First Step – Automatic Event Data Collection
The primary service we provide to our customers is ensuring their database systems are available at all times and performing as expected. Database administrators, by the very essence of our job descriptions, are the protectors of the organization’s core data assets. We are tasked with ensuring key data stores are continuously available. However, ensuring that data is available on a 24 x 7 basis is a wonderfully complex task.
When a mission-critical database application becomes unavailable, it can threaten the survivability of the organization. The financial impact of downtime is not the only issue that faces companies that have critical applications that are offline. Loss of customer goodwill, bad press, idle employees and legal penalties (lawsuits, fines, etc.) must also be considered.
It is up to the database administrator to recommend and implement technical solutions that deal with these unforeseen “technology disruptions.” When they do occur, it is our responsibility as DBAs to restore the operational functionality of the failed systems as quickly as possible.
RDX’s initial goal was to automate the collection of information required to perform problem analysis. The key to faster problem resolution is to reduce the amount of time collecting diagnostic data and spend that time analyzing it.
RDX prioritized customer events using the following criteria:
- Frequency the event occurs
- Severity of customer impact
- Amount of time required to manually collect diagnostic data (reduce Mean Time to Resolution)
- Complexity of the diagnostic data collection process (increase resolution accuracy)
- Amount of human interaction required to collect diagnostic data (cost reduction)
RDX deployed a team of in-house automation specialists to collect the operational knowledge required to create the decision trees, workflows and data collection activities traditionally performed by RDX personnel. Our implementation, although still in its infancy, has met our initial expectations.
RDX has automated the diagnostic data collection process for several events and has proven that the automation tool can perform the tasks quickly, consistently and with high quality. RDX has also successfully implemented automatic problem resolution tasks for simple events. Subsequent enhancements to our automation capabilities are to leverage RDX’s collective operational knowledge to quickly resolve more complex issues.
Although our initial goal was to improve the speed and quality of our problem resolution process, our intent is to also move forward with the automation of our internal support processes. One of the key facets of the project’s success was to keep RDX personnel informed about the automation project and the benefits the implementation would provide to both RDX customers and internal support technicians. Promoting the product was crucial, as we found that it led to the generation of a veritable groundswell of internal process automation recommendations. Our intent is to formalize the internal process automation project by appointing RDX personnel as project owners and soliciting recommendations through company surveys (as opposed to an ad hoc manner). Once the recommendations are collected, RDX will perform the same type of prioritization as we did during the initial stages of product implementation.
The Future of Automation
Although we will continue to see the greatest advances in automation in the traditional manufacturing spaces, IT process automation will continue to grow and mature until it becomes integrated into the fabric of most IT organizations. Larger shops will be the early adopters of IT automation, as they will be able to more quickly realize the benefits the solution provides than their smaller counterparts. As stated previously, a very competitive market arena will continue to accelerate the features and functionality provided by vendor products. As the offerings mature, they will become more robust, more intelligent and more cost effective. As a result, the adoption rate will continue to grow, as it would with any technology possessing these traits.
In the remote services space, it is how RDX intends to differentiate ourselves from our competitors. Outsourcing providers that manage large numbers of remote targets will be required to automate, or they will quickly lose market share to those competitors that do. It is RDX’s intention to be an innovator and not a “close follower” of automation technologies.
Database administrators are responsible for keeping data safe and available, and continuing their education is vital for them to stay current on the best practices and features of the database platforms they support.
Hi, welcome back to RDX. One way SQL Server DBAs can learn new skills is by registering for a SQLSaturday, an all-day SQL Server training event, near them.
RDX is a proud supporter of Pittsburgh’s SQLSaturday on October 4 at the Pittsburgh Technical Institute. Register to hear six RDX speakers share their knowledge about code tuning, new features in SQL 2014, and Business Intelligence. More details about all speaking sessions and registration can be found on Pittsburgh’s SQLSaturday website.
Make sure you stop by RDX’s booth for your chance to win a $100 Amazon.com gift card.
Hope to see you there! Thanks for watching.
Oracle OpenWorld 2014 is just around the corner, but what can IT professionals gain from attending?
Hi – welcome back to RDX. From September 28 to October 2, representatives from across the globe will travel to the Moscone Center in San Francisco to learn more about Oracle products and current IT trends.
Moscone North will feature presentations by Intel President Renee James, Oracle President Mark Hurd and Infosys CEO Vishal Sikka, among others. Discussions will focus on the implications of cloud computing, business transformations and streamlining data-intensive processes.
RDX is excited to participate. We’ll have DBAs present attending training sessions, and you’ll also find us at Booth 3455 in Moscone West, where we'll be discussing our services and offering attendees a chance to win a GoPro camera.
Thanks for watching! We hope to see you in San Francisco!
Database active monitoring may be the only way to truly secure enterprise IT assets, because many of the software deployments professionals are using aren't up to par.
The more sophisticated and complex solutions become – essentially, the more we as consumers and workers ask of them – the greater the number of vulnerabilities. Even the most assiduous programmers armed with an arsenal of fault-finding tools are bound to let unnoticed defects fall through the cracks.
Popular solutions rating high on risk scale
Beta News acknowledged a review conducted by Heimdal Security, which assessed Adobe Acrobat Reader, Adobe Flash Player, Oracle Java Runtime and Apple QuickTime's security capabilities based on the Common Vulnerability Scoring System (CVSS). The CVSS rates software on a scale of 1-10, with 10 being assigned to the most dangerous faults.
While Java Runtime received a 7.8, Adobe's two products were given an alarming 9.2. Acrobat Reader and Flash Player are quite common among business professionals and consumer users alike. Flash Player allows computers to play videos and other such media content, while Acrobat Reader is a free PDF reader. These two programs are ubiquitous, arguably leaving many enterprises open to incredibly damaging attacks.
Why database surveillance is necessary
Heimdal Security CEO Morten Kjaersgaard told Beta News the makers of the aforementioned solutions (Oracle, Apple and Adobe) aren't taking the necessary steps to patch the discovered vulnerabilities as quickly as possible.
This obligates business professionals to take matters into their own hands. The faults noted in Flash Player, Acrobat Reader, Java Runtime and QuickTime could be exploited by hackers to gain access to mission-critical databases. If the resources and personnel needed to reinforce protection and conduct audits on a daily basis don't exist, then outsourcing to remote DBA services is imperative.
Only a "matter of time"
The Telegraph spoke with New York State Department of Financial Services Superintendent Benjamin Lawsky, who warned the source that a catastrophic cyberattack on the global financial system is imminent. He advised enterprises to take extensive measures to secure their environments, which may involve redefining how they set up defenses.
"[Cybercriminals] are breaking into everything," Lawsky told the Telegraph. "It is only a matter of time before something happens that is more systematic and problematic. I worry that we are going to have some sort of major cyber-event in the financial system that's going to cause us all to shudder."
Whether or not companies decide to take Lawsky's warning into consideration, that doesn't make securing all IT assets any less of a priority. In fact, it should be at the top of the list.
The post Database administrators may be the last line of defense appeared first on Remote DBA Experts.
Public authorities are regarding the benefits of moving operations to the cloud with a grain of salt.
While security will be a concern no matter what the technology, the primary reason why officials are so apprehensive of cloud computing is a perceived lack of control. A number of organizations already outsource to remote database administration services to secure environments and keep critical solutions operable, but putting an entire infrastructure in the hands of a private company is quite jarring.
Hesitating to advance
InformationWeek contributor Elena Malykhina noted a survey of 153 government IT executives conducted by MeriTalk, which discovered 43 percent of respondents compared transitioning processes to the cloud to giving their son the keys to a new convertible. The research also acknowledged the following findings:
- Out of nine in 10 agencies, 42 percent are keeping security responsibilities on-premise while 41 percent are obligating cloud vendors to obtain cloud defense certifications.
- Exactly half of respondents are incapable of identifying which departments own certain data.
- More than half (55 percent) believe cloud technology will make it easier for authorities to organize digital information.
As one can see, the general sentiment among many federal IT managers is that they lack the expertise and assistance needed to manage their databases and transition those implementations to cloud environments.
The rules of the trade
It's possible for remote DBAs to help allay these concerns. Replicating databases before migration and monitoring environments post-transition are both possible when outside assistance is received. With this in mind, there are several rules Government Computer News advised authorities to keep in mind in regard to cloud technology:
- Employ virtualization beforehand: In short, virtualization optimizes servers by allowing them to run more applications than is conventionally possible. The technology provides the basis of cloud computing.
- It doesn't have to be public: Surrendering all operations to a cloud provider isn't necessary. Private and hybrid environments are both valid options, as they allow organizations to exercise more control over their architectures.
- Look for compliance: One thing many government entities are already doing quite well is searching for cloud providers that satisfy standards defined by the Federal Risk and Authorization Management Program.
- Start with applications: Use Software-as-a-Service deployments before transitioning all IT assets over to the cloud. This will get users and administrators used to the technology.
Cloud computing isn't anything to be fearful of, but that doesn't mean cautionary steps shouldn't be taken. Consulting specialists to diagnose a provider's capabilities will give agencies a clear idea of whether a particular hosting company is the right fit for them.
The post How to transition government databases to the cloud appeared first on Remote DBA Experts.
Welcome back to RDX. A proper test environment should be a regular part of your business' Change Management Process. However, if Personally Identifiable Information (PII) is not removed from the test data, sensitive information could be exposed.
According to eWEEK, Mozilla accidentally exposed critical information in two separate incidents. The most recent was first reported August 27, and left 97,000 developers’ information exposed for approximately 3 months. The landfill.bugzilla.org development system exposed information including email and encrypted passwords. Initial disclosure is thought to have occurred during a database migration with a database dump including user data. Users of this system have been advised to change their passwords.
Mozilla is now revising their test plan to not include database dumps. An additional step businesses can take to protect their PII is to use two-factor authentication for access.
Thanks for watching!
The post Mozilla Working to Enhance its Security Process [VIDEO] appeared first on Remote DBA Experts.
While the retail sector has received much attention lately due to the prevalence of cyberattacks, utilities are also in grave danger of sustaining Web-based aggression.
Database administration services are acknowledging the persistence of Dragonfly, an organization of cybercriminals that focuses on infiltrating the industrial sector. Securing Web-based assets, as well as on-premise architectures, is imperative, as these carefully orchestrated hacks could leave denizens without power indefinitely.
A grievous situation
Warwick Ashford, a contributor to Computer Weekly, noted an instance in which he and his team participated in the Kaspersky Industrial Protection Simulation role-playing game. The scenario presented a situation in which a regional water purification plant was infiltrated, leaving thousands of people without drinking water. In addition, the company sustained incredible losses within a five-week period.
The culprit? Dragonfly, a co-op based out of Eastern Europe that security firm Symantec has blamed for hacking more than 1,000 North American and European energy enterprises. Dragonfly specializes in disengaging industrial control systems, which manage electrical, water, gas and oil systems.
Why it's so dangerous
Ashford noted the water treatment company intended to train its IT staff in cybersecurity protocols, but apparently never got around to doing so. After a number of network audits were performed, the company recognized two unidentified Internet connections to the industrial control system. The IT department responded by setting up a number of firewalls.
However, after the security solutions were implemented, Ashford's team still received notifications of unhealthy chlorine levels in its firm's drinking water. Through phishing scams, the perpetrators were able to manipulate the industrial control system's output and filtration of chlorine.
While the aforementioned situation was simply a simulation, that doesn't change the fact that Dragonfly is capable of inflicting such damage. Imagine the harm such a terrorist group could cause in this scenario.
FierceSmartGrid noted one instance in 2011 in which Dragonfly initiated "Energetic Bear," a kind of attack that leveraged two remote access Trojans. These creations form a kind of bridge between cybercriminals and targeted architectures. Basically, they allowed Dragonfly to insert malware into a U.S. utility's databases.
The source noted a statement by Symantec, which maintained Dragonfly's initiatives are focused on "extracting and uploading stolen data, installing further malware onto systems and running executable files on infected computers."
It's this particular breed of cybercriminal that has instigated the need for database active monitoring. Maintaining a high level of thorough surveillance at all times is a must, especially for utilities distributing essential resources to consumers.