Savvis Locks Down the Cloud for the Enterprise

SAN FRANCISCO–(BUSINESS WIRE)–Building on the recent launch of its Cloud Compute solution, Savvis, Inc. (NASDAQ: SVVS – News), a global leader in outsourced managed computing and network infrastructure for IT applications, today announced a new addition to its flagship Cloud Compute and Virtualized Utility Compute offerings – the Savvis Managed Web Application Firewall (WAF) Service.

* he new service addresses the many challenges associated with securing virtualized web applications commonly used within global enterprises’ cloud computing environments.
* Savvis’ WAF service provides protection against Internet-based malware infection, a significant threat to web commerce. Recent studies indicate that a majority of all web-based malware is found on legitimate websites that have been compromised. Savvis’ WAF Service is specifically designed to mitigate these threats. It is available for individual enterprises and sits in front of the Savvis Cloud computing environment.
* Today’s announcement underscores Savvis’ commitment to delivering enterprise-class cloud computing solutions and supporting mission-critical business applications for many of the world’s top companies, including 40 of the top 100 companies on the Fortune 500.

Quotes

“As security vulnerabilities and threats proliferate, organizations are increasingly looking for innovative security solutions that will enable them to adapt to new emerging technology solutions and protect their online applications to prevent data loss and help them meet their regulatory requirements,” said Irida Xheneti, Security Services Research Analyst at IDC.

“In today’s evolving business landscape and changing economic environment, enterprise customers are increasingly looking for new ways to optimize their IT infrastructure spend,” said Chris Richter, Vice President of Security Services for Savvis. “Cloud computing solutions offer some very compelling cost benefits and are paving the way for an entirely new generation of data centers, but companies also demand solutions for keeping their data secure. The Managed WAF Service is a significant addition to our portfolio of security offerings for our cloud computing platform.”

Savvis WAF service details

Savvis’ Web Application Firewall Service leverages Imperva’sc leading SecureSpherec technology. Designed to help organizations protect sensitive financial, human resources and customer credit card data from application-based attacks, the service can:

* Accurately detect and block malicious web requests. The service combines a dynamic white list policy model with up-to-date application signatures, session tracking and correlation rules for precise attack detection.
* Monitor application activity and notify customers of potential attack activity. Imperva’s Correlated Attack Validation technology can correlate violations across security layers and over time to accurately identify the most complex attacks.
* Automatically learn the structure, elements, and expected usage of protected applications through Imperva’s Dynamic Profiling technology.
* Help prevent data leakage – SecureSphere can inspect outbound traffic to identify possible leaks of sensitive data such as cardholder data and social security numbers.
* Provide robust reporting of web application firewall activity through Savvis’ SavvisStation web-based management portal.
* Provide customers with a tool that helps them address their Payment Card Industry (PCI) Data Security Standard (DSS) obligations, including requirement 6.6, which mandates that companies must either deploy a web application firewall, or follow a methodology that involves regular application-vulnerability assessments and remediation, for their public-facing web applications.
* Bundle hardware and maintenance costs into an all-inclusive monthly service.

About Savvis Cloud Compute

Savvis Cloud Compute is a new virtual data center hosting and private cloud computing solution providing enterprises with an opportunity to minimize costs and increase business efficiencies without sacrificing security or performance. With an advanced customer portal, Savvis Cloud Compute gives customers the ability to purchase fractional compute resources on demand by the “instance” for a “right-sized computing” fit with flexible month-to-month business terms. This is especially important for enterprises that have substantial fluctuations in web traffic and computing requirements.

About Savvis

Savvis, Inc. (NASDAQ:SVVS – News) is an outsourcing provider of managed computing and network infrastructure for IT applications. By outsourcing to Savvis, enterprises can focus on their core business while Savvis ensures the quality of their IT infrastructure. Leading IT organizations around the world select Savvis to help them improve their service levels, reduce capital expense and deal with the rising costs of bandwidth, energy, real estate, staff and expertise. As a pioneer in utility computing, Savvis understands and harnesses the latest advances in technology like virtualization, cloud computing and support process automation. For more information about Savvis, visit www.savvis.net

Savvis Forward-Looking Statements

This document may contain forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Actual results may differ materially from Savvis’ expectations. Certain factors that could affect actual results are set forth as risk factors in Savvis’ SEC reports and filings, including its annual report on Form 10-K and all subsequent filings as well as the risk that potential product cost and performance benefits may not be realized for any particular customer. Savvis assumes no obligation to update or supplement forward-looking statements.

資料來源：Yahoo

一套完整的加密系統，並不像一般人想像的那麼容易，「事實上，我們每個專案都是5年以上長期的專案，」Thales資訊安全部東北亞區總經理朱偉年表示：

「加解密設備並不是放著就可以，後續還有軟硬體更新維護等問題，因此為了確保安全性，多半都會以長期專案進行。」
密碼學是一門專業學問，密碼專家與駭客間的鬥法是無止盡的，因此需要不斷編撰設計新的演算法與密碼本，才能夠抵擋各式各樣試圖破解密碼的方式。
也因為此項資安解決方案的特殊性，讓大多數企業在導入加密解決方案時，會傾向以委外方式，不過這也會引起另一種疑慮：加密委外安全嗎？便有政府官員認為臺灣應該發展自己的加解密技術，以確保自身資安系統的安全性。
「這項疑慮是許多人共有的想法，」朱偉年認為，「特別是牽涉到可以直接接觸機密資料的解決方案，更是會讓人擔心委外時可能的風險。」資安廠商最難的就是如何建立企業對該產品或解決方案的信心，不但需要長時間的努力，還需要更多成果呈現，才能讓越來越多企業瞭解並接受。

加密還需硬體搭配以發揮成效
加密的方式分為硬體加密與軟體加密，但許多人會認為硬體加密價格較高，且後續維護較為麻煩，為了成本與管理上的便利性，有許多企業會選擇軟體式加密。
無論如何，加密是一定要靠軟體運算及比對才能執行成功，那為什麼又需要有硬體式加密設備呢？「這是基於3點原因考量，」朱偉年回答：「首要要求就是效能、依次則為穩定性與安全性。」
硬體式加密設備是經過特殊設計的架構，因此能夠全力發揮加解密的效能，效能自然比軟體更高；而專屬硬體則可以減少因為零組件失靈而導致的故障發生，讓穩定性更高；最後就是經過特別設計的安全外殼，可以避免外力入侵甚至破壞，確保內藏的加密晶片與諸多資料的安全性，朱偉年也舉例，「部分客戶有特殊要求，甚至會在非法破壞外殼時，自動銷毀內部資訊！」
而過去硬體式設備在更新時，必須要連同更換內部加密晶片，才能達到升級的功效。「一個人提著一個鐵製的公事包，而公事包直接鎖在手腕上，藉此確保運送過程的安全，這就是一般人對硬體式加密設備在維護時的印象，」朱偉年解釋，「但Thales的硬體式加密設備 (HSM)已經突破這點限制，能用更方便且安全的方式更新維護。」
現在Thales新一代的硬體式加密設備，已經不需要專人長途跋涉以更換內部晶片，藉由身分認證與設備認證的雙重保障，以及新的晶片設計，可以讓用戶透過集中管理機制，從遠端派送各種軟體更新套件，不需要更換內部晶片，也能夠讓設備隨時保持在最安全的狀態。「對於某些需要定期更新加密金鑰的產業而言，這樣的更新方式可以大幅縮短所需的時間，同時節省人力與經費，」朱偉年表示，「提供集中管理機制，更能夠讓企業充分掌握各項設備的狀態，以最短的時間處理各項設備狀況。」

法律規範會影響資安架構
在資訊安全領域中的技術已經達到成熟階段，各項新的資安技術只是讓強度更高、效能更好，但是要如何規劃資安架構並解決問題，這並不是技術所能夠解決的。「技術在某方面而言，只能解決資安問題中的一小部分，」朱偉年認為，「其實對於資安相關廠商來說，更重要的是在該領域所會發生的問題及經驗。」
一家好的資安廠商，除了推出良好的資安設備之外，同時應該還要有良好的經驗為輔。「經驗與技術其實是相輔相成的，」朱偉民表示，「沒有好的經驗，就沒辦法將技術發展到最佳狀態；而有好的技術卻沒有經驗，就沒有辦法規劃出最佳的解決方案。」特別是高度要求架構完整性的資訊安全解決方案而言，有任何一點小疏失都有可能造成大災難。
不過除了經驗之外，法律規範也是影響資訊安全的一大主因。「國際上逐漸重視資料外洩方面的法律規範，」朱偉年表示，「像是美國、日本或歐洲國家，都對於資料外洩及內部管控等方面訂定相關規則，促使企業正視因為資料外洩引起的各項企業危機。」
但在臺灣，由於法律規範的部分欠缺，導致企業並不會太積極主動去瞭解並面對相關問題。「事實上光靠設備並不足夠，」朱偉民認為，「除了設備本身的功能之外，設備的管理與維護也相當重要，但更重要的是人的使用態度。如果以不當或是隨意的態度使用這些產品，再好的產品也沒辦法避免資安危機。」

    * Visa/MasterCard/AE信用卡發卡/收單/驗證預設規格
    * EMV 3.1.1, EMV 4.0, EMV 4.1完全符合標準
    * ATM, POS, EFTPOS, Corporate banking, card issuing, funds transfer, stock/share trading交易
    * 完全支援FISC一代、二代金融卡
    * RSA Public Key Support
    * Europay Security Platform
    * TR-31 Key Management
    * 加密器本身Ethernet/Async/SNA/ESCON介面支援
    * 真正跨所有主機平台架構