The new BIA architectural approach protects data against today’s most problematic information security challenge

Through OEM partnerships with industry leaders such as HP, EMC and Quantum, Crossroads has installed more than 125,000 systems with the premier proven quality and reliability required for enterprise-class backup operations. Crossroads continues to build a network of distributors, value-added resellers (VARs) and system integrators (SIs) to increase the visibility and market presence of its solutions. Crossroads' new partners benefit from 24/7 support as well as a multitude of sales enablement tools. Crossroads' patented core routing messaging interface (RMI) technology. Crossroads’ customers are armed with highly-resilient data protection, proactive data security and intelligent storage connectivity to solve today’s business challenges, including: information security, data protection, information assurance, business information assurance, business continuity, disaster recovery, data privacy, risk management, fraud prevention, corporate governance and regulatory compliance.

Name: Ms. Anyck Turgeon
Position: Chief of Market Strategy and Security
Company: Crossroads Systems, Inc.

In the following interview, Ms. Anyck Turgeon, Chief of Market Strategy and Security of Crossroads Systems, Inc. discusses 1:1 with Rake Narang, Editor-n-chief of Network Products Guide, the new BIA architectural approach and how it protects data against today’s most problematic information security challenge.

Rake Narang, Editor-n-Chief - Network Products Guide: What was your (individual) involvement in Business Information Assurance?

Anyck Turgeon, Chief of Market Strategy and Security of Crossroads Systems, Inc.: Responsible for creating and coining the term “Business Information Assurance (BIA),” I proved forward-thinking in my effort to uniquely approach the security of data throughout its entire lifecycle. Months, if not years, before companies began strategically aligning both security and storage solution, I began to position Crossroads as a holistic provider of BIA solutions for enterprises.

This new BIA architectural approach protects data against today’s most problematic information security challenge – the insider threat, as well as opens the door to full convergence between security and storage within a unique platform. For today’s business to remain in business, it is critical that IT managers gain access to their corporate information whenever they need it. 

Even if the data was stored yesterday on disk or two decades ago on tape, it is critical to be able to gain access and ensure the integrity of the data one accesses for long-term business viability and to meet legal requirements such as e-discovery.  Getting access to data (today, tomorrow, or in 100 years), as well as securing and protecting you data through its entire lifecycle, is now a fundamental need for all businesses. 

From retailers to high-tech companies to financial institutions, all verticals have a need for a simple, integrated and cost-effective approach to protection, securing and accessing information. Companies and governmental agencies of all sizes can benefit from developing their current data security models by implementing the simple concepts of BIA. 

Rake Narang: Did you have any other team members helping you with Business Information Assurance? Please name them if yes.

Anyck Turgeon: In conjunction with consultations from leading industry analysts such as Doug Laney, I worked closely with Crossroads’ management to outline and introduce BIA. As the process progressed, Anyck consulted with Rob Sims, the CEO of Crossroads Systems, as well as the following “forward-thinkers” who helped frame BIA:

Carolyn Purcell (Executive Consultant for 25 years)

• Head of Internet Business Solutions Group at Cisco
• Former CIO for the State of Texas

John Stenbit (Information Assurance Executive/Veteran)

• Former CIO at U.S. Department of Defense/Pentagon
• U.S. representative at NATO on Information Assurance

Rhonda MacLean (Information Security Leader)

• CSO at Barclays
• Former CISO at BofA & specialist at Boeing Company
• Recognized information security expert 

Larry Lozon (Executive with 25+ years of expertise)

• Chairman & CEO at IDEAwerx
• Formerly in sr. mgmt roles at GM, EDS & Persona

Andrew Heller (Executive with 30 years of expertise)

• Founder of RISC chips and “Godfather” of AIX
• Former partner for Kleiner, Perkins, Caulfield and Byers
• Chairman and CEO of Fujitsu/HAL

Ann Cohen (Executive with 25 years of experience)

• VP at EDS generating in excess of $4B
• "Federal 100" winner

The following industry visionaries have also worked closely in support of the BIA approach:

• Maurice Stebila - Compliance Manager, GM/EDS
• Jean-Pierre Champigny - First Vice President & CIO, Crédit Industriel et Commercial
• Robert Rodriguez - Retired U.S. Secret Service (22 years)
• Jon Toigo - CEO, Toigo Partners International
• David Hill - Founder, Mesabi Group

Rake Narang: How does your company implement Business Information Assurance i.e. is it an add-on service?

Anyck Turgeon: BIA is the methodology that Crossroads offers its vast client list – implemented through powerful, affordable solutions that make sense. BIA is the discipline of:

• Identifying the threats and vulnerabilities leading to breaches
• Implementing a coordinated set of breach monitoring, alert and prevention functions
• Introducing necessary compliance reporting facilities

BIA goes well beyond password protection and firewalls to monitor and ensure also against authenticated misuse and inappropriate authentications.  Authenticated misuse is when appropriately requested information is used for a purpose other than that which it is intended or allowed.  Inappropriate authentication happens when an information request from an authorized source occurs at the wrong place, time, frequency, or other pattern that indicates information misuse or a specious authentication.  

Business information assurance is based on three key principles:

• Accessibility – Information is in the expected location and format when requested.  The unauthorized withholding of information from authorized applications and individuals is detected or prevented.

• Security – Information received by an authorized application or individual is identical to the information that was sent.  The unauthorized alteration of information in-transit is detected or prevented. As a result of automated auditing, individuals and applications sending and receiving information cannot deny at a later time that they did not send or receive the information requested.  Information requests and transmissions are securely and independently recorded.

• Resiliency – Even in the event of system failure, data remains available at all times. 

Business Information Assurance Solutions

Implementing effective BIA requires a set of services that works in concert with, yet independently from, network, application and database security features.  These include:

• The means to define a centralized set of business-user driven security policies
• Real-time monitoring of authentication and information requests
• Controls that either can deny access prohibited by security policies and alert appropriate individuals when likely breaches have occurred or been attempted
• A secure, independent mechanism for recording authentication and information requests, and denial and alert events in a secure, independent archive
• A reporting and auditing feature for performing compliance reporting and forensics

Ideally, these services should be implemented via a specialized technology that is flexible, non-intrusive and does not degrade business system performance.

Rake Narang: Did Business Information Assurance become important for your company after you joined or was it existing before you joined the company?

Anyck Turgeon: BIA was coined and outlined by me as I interacted with IT and business leaders internationally and felt the need to developed a methodology that would answer today’s needs. I joined Crossroads Systems in 2005 following Hurricane Katrina and 911 where I experienced first hand losses and discovered the need for additional information security solutions that would cover the entire lifecycle of data. Today’s current security architectures are primarily focused on the end-perimeter solutions that focus on external threats.  As most of the valuable corporate information is stored on large storage environments, I felt that data also needed to be protected throughout all of its storage and processing stages. The convergence between security and storage is very key to the survival of companies on a long-term basis.  As such, given that 70 to 80% of the times, data is breached by internal resources – maliciously or not, it is important that security policies and procedures be put in place to secure the data at all times.  I served as the primary methodology “champion” and led the Company’s global effort in introducing the methodology to many of the world’s largest organizations, the Company’s partners, and industry groups.

All About Crossroads Systems, Inc.
Head Office Address: 11000 North MoPac Expressway, Austin, Texas 78759
Founded in: 1996
CEO: Rob Sims
Public or Private: Public
Products: Crossroads offers the following simple, integrated and affordable solutions using reliable, high-performance appliances:
• ReadVerify™ Appliance (RVA) proactively monitors tape media and the overall health of drives.
• ShareLoader® protects data on laptops, desktops and remote ofices, allowing end user restores.
• FileMigrator Agent (FMA™) migrates inactive or rarely-used data from Windows-based file servers to Network Attached Storage.
• Virtual TapeServer offers high-performance, disk-based backup & recovery.
• TapeSentry® provides pro-active data security using tape encryption and robust key management to prevent data breaches and data losses.
• Fibre Channel (FC) Storage Bridges and Storage Routers offer seamless, reliable connectivity and protocol conversion from the FC Storage Area Network (SAN) to SCSI tape and disk storage device interfaces.
• Storage Controllers bring intelligent storage networking capabilities to enterprise tape libraries and JBOD systems.
• ServerAttach enables new or existing SCSI based servers to access Fibre Channel (FC) storage at an amazing 160 MB/s maximum peak performance.