Keeping Security Manageable
By Srivatsan Srinivasan
Druva's inSync is based on a simple idea: Build a robust, reliable endpoint protection solution that can be installed without a bulky process, reading tons of knowledge base articles, or making half a zillion support calls. Usability for IT administrators and end users has always been critical to us, and several years later, we’re still proud that customers can install inSync by themselves in 20 minutes. So when we wanted to make sure that inSync adhered to the strictest security standards in the industry, we weren’t willing to compromise on user experience.
Anyone with even cursory experience in security administration will agree that ease-of-management and security don’t always go together. As best practices, tools, and technology have evolved over time, it’s become simpler to get a relatively useable degree of security with some effort. Yet implementing enterprise-grade security without sacrificing usability takes a lot of innovation. We’ve worked hard at this, and I want to share a few of the things we’ve learned along the way.
The overall security of an on-premise deployment depends on two things: the application itself and the environment in which it runs. Because the environment can vary, we’ve put measures in place to ensure out-of-the-box security regardless of the particular infrastructure.
For example, SSL is an industry standard to protect data in transit. We wanted inSync to use SSL, regardless of whether a customer has a default, unsigned certificate or a self-installed valid, trusted one. It might have been easier to ask customers to jump through hoops to set up the configuration, but we didn’t want to offload this overhead at the cost of making more work for the IT administrator. Instead we use SSL in an innovative way to solve this problem for everyone, even when a customer doesn’t have a signed SSL certificate.
Another way we enhance inSync’s usability is that it integrates with an organization’s existing security framework. This means that it works with existing authentication mechanisms such as Active Directory (AD) and LDAP, and is easy to configure for existing firewall rules and any other security policies. Administrators can extend their existing policies to include inSync without needing to put separate configurations in place.
With our public cloud deployment, we had to look at security a bit differently. We know that customers sometimes have anxiety over cloud storage, since it requires that they send their critical data to third-party servers. We knew that to bring the management benefits that can come with the cloud, we needed to provide the confidence that comes with the industry’s best security. We chose the hosting provider that offered the most stringent security available and then focused on building a secure cloud application infrastructure. Our customers are now able to offload entire sets of compliance, governance, and infrastructure management hassles to us that would otherwise take a large team of trained IT administrators to manage. IT staff can focus their efforts on concerns other than the day-to-day management of their backup storage infrastructure.
It’s always going to be a challenge to ensure the highest possible security without compromising experience. We’re committed to doing so, and look forward to sharing what we learn.