Prevention and Detection – Fight off Fraud

Audie Hittle

Audie Hittle

The statistics are frightening.

On November 19, my colleague, Marshall Presser, Field Chief Technology Officer at Pivotal, spoke at the MeriTalk Stealing from Uncle Sam event – a forum on fraud, waste, and abuse in Federal government in Washington, D.C. At that forum, government and industry panels discussed best practices and challenges in combating fraud. The discussion primarily focused on scams that target Medicare, Medicaid, and tax returns.

Marshall also presented at the EMC Federal summit in late October, and here are my thoughts from his excellent presentation:

There is a huge opportunity for agencies to be proactive in preventing fraud, waste, and abuse. For example, once a crook walks away with Medicaid money they aren’t supposed to receive, reclaiming the funds is very difficult, and costs to the government are extremely high. So, the best strategy is to prevent fraudsters from achieving their objectives and getting away with the money in the first place – whether it’s through identity verification, adaptive authentication, or enterprise content management solutions.

That said, the ability to detect fraud in progress is also critical to effective and efficient operations. Real-time analytics of many structured and unstructured Big Data sources is necessary in order to detect fraud quickly and efficiently. EMC’s fraud detection solutions provide 24/7 monitoring and detection, real-time alerts and reporting, forensics and countermeasures, and site blocking and shutdown. For example, EMC’s Anti-Fraud Command Center (AFCC) has shut down more than 500,000 cyber attacks in 185 countries, and has worked with more than 13,000 hosting entities.

Choosing the right technologies is vital for preventing fraud in any scenario, including identity verification and authentication technologies. EMC identity verification, for example, provides strong authentication and fraud prevention services that validate user identities in real time – reducing the risk of identity impersonation. In addition to reducing operational costs and fraud losses, this solution confirms identities within seconds – making for a fast and efficient strategy to combat fraudsters.

To learn more about how your agency can combat fraud, waste, and abuse, check out our white paper on the topic.

Magic Technology for your Agency – EMC Named a Leader in Gartner Magic Quadrant

Karen DelPrete

Karen DelPrete

Gartner recently released its first ever Magic Quadrant for Solid State Arrays (SSAs), naming EMC a leader for our XtremIO arrays and VNX-F technology – solutions that are redefining the SSA space. Flash arrays used to be expensive, limited, niche devices – until EMC brought these technologies to the market.

XtremIO is not your average flash array – yes, it is great for boosting performance on agencies’ mission-critical applications, but it does much more than that. Through its use of a scale-out clustered design, powerful operating system, and responsive system management, XtremIO also streamlines and simplifies provisioning and tuning complexity. This solution, as my colleague CJ Desai put it, has proven to be a truly “magic technology.”

Also redefining the flash arena, EMC’s VNX-F all flash arrays modernize the space, providing a highly effective configured data storage system, purpose-built for price, density, and speed. On September 10, EMC announced updates to the VNX-F – including the new models, VNX-F5000 and VNX-F7000 – that deliver higher density and lower entry price than ever before. These new offerings are designed for today’s mission-critical apps that require dedicated storage arrays.

These technologies bring new opportunities for Federal agencies, who are working to tackle mandates like the Federal Data Center Consolidation Initiative (FDCCI), aimed at reducing the quantity of data centers and minimizing power requirements. Agencies need new approaches. While the goal is to decrease the number of data centers, according to recent MeriTalk research, 72% of Federal IT managers said their agency has maintained or increased their number of data centers since FDCCI launched in 2010. Only 6% gave their agency an “A” for consolidation efforts against FDCCI’s 2015 deadline. As agencies work to achieve ambitious consolidation goals, technologies like XtremIO and VNX-F that maximize performance and minimize footprint, power, and cooling are critical.

To read more about this announcement (and why Gartner is paying attention to this technology), check out related blog posts from my colleagues CJ Desai and Dan Cobb.

“Wait, can ECS run Oracle?”

Stephen Klosky

Stephen Klosky

Advisory Systems Engineer, Cloud based Object Storage Systems, Federal, Advanced Storage Division at EMC Corporation
Advisory Systems Engineer, Cloud based Object Storage Systems, Federal, Advanced Storage Division, EMC Corporation

This was one of the most interesting questions which came up when I briefed EMC’s Federal division on the new Elastic Cloud Storage (ECS) appliance.

With my recent focus on Object Storage, I hadn’t considered the ECS Block Services applications. Illustrating the block capabilities on ECS is new territory for me, and opens a whole new realm of possible system configurations.

During the briefing, there was a good discussion about the ECS block performance. Afterward, I dove deeper into the ECS block details. I connected with our ScaleIO Subject Matter Expert (SME) and our Oracle SME, and I learned a good bit in the process. I thought it would be helpful to share my findings.

wait, can ecs run oracle

Point 1: Oracle can run on most any block device. So, it’s technically possible to use ECS for Oracle.

Point 2: Oracle on ECS needs to be examined and validated on a case-by-case basis. Oracle system requirements range widely. So, just because Oracle can run on ECS, it doesn’t mean that ECS is the best platform or that ECS will meet the system’s requirements. This is an old “lesson learned” in the storage arena. We know that we have to fully understand the performance characteristics of both the system applications and its arrays.

So, where does it make sense to position Oracle on ECS? Where can we leverage ECS Block Services in our data centers?

Use Case 1: Small Scale Development Enclaves. The “Development Sandbox” use case is a great fit for ECS Block Services. With the ViPR-powered Self Service Catalog, the storage team can provide a self-service portal for the development team to stand up required classes of storage on demand. This approach reduces time to deploy, reduces administrative overhead and creates a reusable, recyclable, standard process for block data services.

Use Case 2: Extending Capacity. The ScaleIO engine for ECS is an exciting new technology. With a ScaleIO storage network, performance increases when more devices are added. So, if the system is currently performing well, and simply needs additional storage capacity, we can use ScaleIO to enable the current system, then add capacity with ECS frames.

Use Case 3: Tier 2 or Tier 3 Databases. If the storage team recognizes databases which have less demanding requirements, ECS is a great value for hosting this storage.

Bottom Line: It Depends. Like any “engineering questions,” the answer is “It Depends…” Sizing ECS Block Services for any workload requires proper engineering and analysis to ensure the system is properly sized to meet business requirements.

Security, Meet Functionality.

Brett Stafford

Brett Stafford

Director DOD Strategic Programs, Federal Division at EMC Corporation

In this day and age, it seems like a major data breach hits the news nearly every week. Attacks are becoming more sophisticated, hackers are becoming stealthier, and the impacts of these attacks are more widespread. Cybersecurity is a major concern that affects every organization, and especially those containing sensitive data like government agencies. In fact, a recent survey from TechAmerica found that cybersecurity is the number one priority for Federal CIOs and CISOs, even above cloud computing and transforming IT operations.

At the same time, however, employees increasingly demand more functionality from their mobile devices and IT systems. EMC’s recent Privacy Index study found that 91% of respondents value the benefit of “easier access to information and knowledge” that digital technology affords, and 27% say they are willing to trade some privacy for greater convenience and ease online. In a world of constant connectivity, we expect our technology to “just work,” whether we’re sitting in our office or at the gate of an airport. And the growth of mobile has meant that government employees can now work from nearly anywhere at any time, making productivity easier than ever. The problem: Security does not always correlate with productivity.

So how do we find the sweet spot where security meets functionality? Last year EMC commissioned Vanson Bourne to do a study on the Global IT Trust Curve that assessed 3,200 global respondents equally split between Business (1,600) and IT (1,600) leaders, including public sector. The results suggest that “Low decision maker confidence in IT can be related to lack of Trust Maturity,…and that 55% of respondents believe their senior executives are confident that they have adequate data protection, security, and availability…” to meet the current mission needs.

At EMC we view Trust as a co-equal balance of enterprise data protection capabilities: Integrated Backup and Recovery, Information Security/Cyber and Continuous Availability (comprehensive disaster recovery/continuity of operations capabilities).

My colleague, Vic Bhagat, recently wrote about this topic on EMC’s Reflections blog, where he notes that organizations can still be productive without compromising employee security or privacy. Where is your organization on the Trust maturity curve? If you don’t know, or would like to learn more, I invite you to check it out and learn more about how EMC is helping customers navigate this issue in today’s changing landscape.

Capitalizing on Hybrid Clouds

David Goulden

David Goulden

Chief Executive Officer, EMC Information Infrastructure at EMC Corporation
Chief Executive Officer, EMC Information Infrastructure at EMC Corporation

If CIOs and their IT organizations want to maintain their business relevance – and be in a position to expand their business contribution – they must leverage mobile and social, as well as new technologies and services for business innovation. They need to complete the shift to a services-based provisioning and consumption model. It’s also critical that they enable business to put Big Data and analytics to work, all while maintaining security and business continuity in an extended-platform world.

All these roads lead to Hybrid Cloud.

Hybrid_cloud-290x300

Hybrid clouds incorporate the advantages of both public and private clouds.  They are more than just a bridge between the two.  They offer access to a wide array of applications and services like public clouds, with the reliable performance and security for critical business applications of private clouds.

The hybrid cloud model enables IT organizations to choose where they host their workloads. It also increases business agility – the flexibility to use a variety of services, the scalability to keep pace with business volume, the efficiency to keep costs to a minimum, and the ability to protect data and other technology assets.

Want an even more rigorous definition? Hybrid cloud is an integrated, automated, scalable and secure platform for provisioning and consuming business applications, datasets and other technology services that originate either inside or outside an enterprise.

We’ve put a lot of effort into implementations based on these criteria because it’s the capability companies need today. No contemporary corporation should settle for less.

Heightened Security with Hybrid Cloud

One of the immediate opportunities for hybrid cloud relates back to security. An added dimension to security today is real-time analysis of what’s happening across all of an enterprise’s networks. Traditional perimeter defenses are being redefined and supplemented to protect against the growing onslaught of cyber-intrusions.

You can’t build a hard shell around the enterprise when your employees and customers can be anywhere anytime. On top of that, no one can prevent all intrusions, so it is increasingly vital to detect attacks and reduce their “dwell time.”

Data analytics help spot anomalies quickly, isolate problems, and take action. This is like the non-stop, high-volume fraud detection applications used by credit card companies. It requires assembling, scanning and analyzing vast quantities of granular and diverse data. Hybrid clouds provide a scalable, efficient and manageable platform for these new “data lakes” needed for security analysis.

In addition, securing sensitive business assets in the public cloud has become a serious pain point for companies. You have to negotiate how to map and recreate your security apparatus to fit into an external service level agreement. It’s laborious and results have not inspired confidence so far from what I hear. Companies lose data and transactions in public cloud failures. These public cloud security issues have limited the business flexibility that cloud is meant to deliver.  This is not the case with hybrid clouds.

CIOs know that their most important role isn’t provisioning and running the computing environment, essential as those activities are. It’s to encourage and enable their business to use technology strategically. This includes both implementing business strategy and formulating it in the first place. Hybrid cloud should be part of the business discussion today and the business capability tomorrow with the CIO leading the charge.

This post is adapted from What CIOs Need to Know to Capitalize on Hybrid Cloud.

This post was originally published on our sister blog Reflections, where senior leaders at EMC blog regularly on trends in information technology.