GOVERNMENT CIO OUTLOOK | October 2018 | Page 9

and NAC solutions now presents a complex maze for any potential hacker or cyber assault to find. This does not mean that we won't still face a cyber-attack, but it does mean that if there is an attack, the attacker won't have far to crawl around in our network. This architectural change, although expensive and time-consuming to implement, gave the City the platform to build multi-tenant solutions that grant controlled visibility and data sharing without the enterprise-wide cyber vulnerabilities of old.

In MPCS, the general concept builds on the SPB protocol foundation, but then is structured into VSN channels and a series of internal firewalls and network monitors, segregating the server farms and services to the targeted audiences. We are currently working on multi-homed ISP services that present redundant paths and load balancing to improve the service experience for our customers. This especially helped us in the realm of our Police Department, which has the most difficult regulatory constraints under CJIS (Criminal Justice Information Services) regulations, but also still needs to be open to explore all the dark places that lie in cyber spaces. With this MPCS structure, we are able to give the full services necessary to run the PD, but not open the entire enterprise to any potential PD vulnerabilities. Over the past few years, we have been hit by a multitude of attacks by one means or another, but were able, thus far, to walk away with only the effect felt by the injection-point workstations.

The next piece of this puzzle was the command and control of the user population, which is centered around Microsoft's Active Directory controls and ADFS. AD gives us a role- and policy-based control point to further sculpt and control a single sign-on environment; in other words, who gets on and where do they get to go. A primary concern when structuring this design was the need to have instantaneous control over the access from a single control method.

Lastly, the MPCS structure included the redesign of our server farms and switching to accommodate the dynamic nature and changing business needs of our enterprise and provide the next critical function of an MPCS structure: High Availability (HA). By converting all our services into this virtual environment, we added the next layer to the maze that gives us scalability, isolation and HA. Across our data centers, we can roll, move or isolate any of our core service functions to adapt to most situations and provide maintenance access without interruption of services. Being able to granularly segment and isolate any application is critical to the design objectives because with it, we can deliver the services in the right dosage that gives our customers a quality and secure experience.

Once the design and structuring were completed, we quickly built out the monitoring and control mechanisms for the enterprise using SNMP traps, probes and pattern modeling tools to give us granular visibility into the performance and activities within the enterprise. These tools also provided a second benefit in that we can tune and improve the efficiency of the data services we deliver.

It is not possible to explain the complexity of this design in a few paragraphs, but it suffices to outline that in this new IT paradigm, organizations that still wish to insource their operations for security, control, cost containment and efficiency will need to fully redesign and retool their enterprise. The focus should be security and segmentation first; monitoring and control second; and culminate with excellent service delivery.
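The segmentation argument above (an intruder on one workstation should not be able to crawl far) can be checked against an inter-segment firewall policy before it is deployed. The following is an added example, not the City's configuration or tooling: the host names, segment names and rules are constructed, and it assumes hosts inside one segment can reach each other freely.

```python
from collections import deque

# Constructed sample inventory: host -> segment (a stand-in for a VSN). Names are hypothetical.
HOSTS = {
    "pd-ws-01": "pd", "pd-ws-02": "pd", "pd-records": "pd-servers",
    "fin-ws-01": "finance", "fin-db": "finance-servers",
    "ad-dc": "identity", "web-portal": "public-services",
}

# Constructed inter-segment policy: (source segment, destination segment) pairs that are allowed.
ALLOWED = {
    ("pd", "pd-servers"), ("pd", "identity"),
    ("finance", "finance-servers"), ("finance", "identity"),
    ("public-services", "identity"),
}

def reachable(start, hosts, allowed, flat=False):
    """Return every host reachable from `start`, hop by hop, under the policy.

    flat=True models the old unsegmented network where any host reaches any other.
    Assumption: traffic inside a single segment is not filtered.
    """
    seen, queue = {start}, deque([start])
    while queue:
        src_seg = hosts[queue[0]]
        queue.popleft()
        for host, dst_seg in hosts.items():
            if host in seen:
                continue
            if flat or src_seg == dst_seg or (src_seg, dst_seg) in allowed:
                seen.add(host)
                queue.append(host)
    return seen - {start}

def policy_regressions(start, hosts, allowed, proposed_rule):
    """Hosts that become newly reachable from `start` if `proposed_rule` is added."""
    before = reachable(start, hosts, allowed)
    after = reachable(start, hosts, allowed | {proposed_rule})
    return after - before

if __name__ == "__main__":
    print("flat:     ", sorted(reachable("pd-ws-01", HOSTS, ALLOWED, flat=True)))
    print("segmented:", sorted(reachable("pd-ws-01", HOSTS, ALLOWED)))
    # A rule that looks harmless in isolation can open a transitive path via a shared segment.
    rule = ("identity", "finance-servers")
    print("newly exposed by", rule, "->", sorted(policy_regressions("pd-ws-01", HOSTS, ALLOWED, rule)))
```

Because the search is transitive, it surfaces paths through shared segments such as identity services that a rule-by-rule review would miss.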