Transparent and user-friendly end-to-end security - from the terminal to the data center
The FUJITSU Security Solution SURIENT is a new type of end-to-end IT security system. It provides secure application environments based on existing infrastructures and enables a very high degree of security, especially for sensitive data and processes. The user-friendliness and performance levels remain high.
The security concept based on FUJITSU SURIENT covers data centers, data transfer and terminals as well as the sensors which play a central role in the "Internet of Things". The concept is based on results from the research and development project "Digital sovereignty“ and comprises various modules. It is this possible to adjust the protection levels to the various requirements. The modules can be used individually or in combination.
The following components were presented at Fujitsu Forum 2015 and will be available between March and December 2016:
SURIENT MRS (Managed Rack Solution)
Fujitsu offers with the Managed Rack Solution module the protection of 19´´ racks from non-authorized access – by integrating electromechanical locks and sensors. The rack door can only be opened when the lock was externally unlocked before. The unlocking occurs only when the suitable employee has been authenticated via PalmSecure ID Match (PS ID M), based on palm vein scan and the requested access rights. The opening and closing of rack doors is monitored by special sensors. Additionally vibrancy sensors can recognize and report break-in trials. All activities are provided via logfiles to the monitoring system – enabling an according logging for full audit capability. The Managed Rack Solution is designed for security requirements at medium level and is already available.
SURIENT SRS (Sealed Rack Solution)
The Sealed Rack Solution (SRS) module offers a higher security level than the Managed Rack Solution (MRS) module. Additionally to the MRS security features we offer with the SRS Module an own control unit with an integrated uninterrupted power supply in an distinct cage and herewith separated from the productive system for monitoring and controlling of the rack. This enables amongst others the automatic execution of activities in case of certain events, e.g. in case of oppressive opening of the rack the controlled shut down of the server or switch to power-off . Depending on the protection requirements it can be technically enforced with a "double-check" feature (4 or more eyes) that the door of a security rack can only be opened jointly via a defined group of persons. This solution will be available for pilot customers at the end of 2016.
SURIENT EBS (Encrypted Boot Solution)
The new Encrypted Boot Solution (EBS) is based on technology patented by Fujitsu. The module is used to start IT systems in the data center with encrypted system partitions and without having to enter a password manually. The passwords are created and transferred by the system decentrally and are not even known to the administrators. This provides effective protection against non-authorized access by employees. The Encrypted Boot Solution can already be used in projects.
SURIENT SCS (Stealth Connect Solution)
The Stealth Connect Solution (SCS) ensures that today's external attack methods against servers and services will be unsuccessful. Authorized users can log in via a secure Virtual Private Network (VPN) in the data center. The solution disables the server process VPN port and an attacker does not receive any response to his port scans and is thus not provided with any information about the location of possible attack points. A Zero Day Exploit and Man-in-the-Middle attacks are made extremely difficult as a result of this "digital stealth" function. The module will be available as of Autumn 2016.
SURIENT SAS (Sealed Application Solution)
The Sealed Application Solution (SAS) module ensures effective protection for applications on terminals, such as PCs, tablets, workstations and notebooks. It is a highly-secure runtime environment which is started parallel to the operating system. The applications and data processing run completely separated from the hardware and operating system in this encapsulated environment . Applications and data can thus be protected against attacks in a very effective manner. The solution is not dependent on any manufacturer and can be used on all standard-based terminal systems; it is suitable for processing sensitive company data and for applications, such as online banking. The solution will be on offer for pilot customers at the end of 2016