The Secure Data Retrieval Server (SDRS)
A Compliance Appliance for the EU Data Retention Directive
With the imminent introduction of the new EU Data Retention directive all communications service providers will be faced
with a new business process challenge, or a massively increased technology challenge or indeed both. In creating the Secure
Data Retrieval Server (SDRS) CopperEye and Sun MicroSystems have created a “plug & comply” solution built upon best of breed
technology adhering to open standards. The solution is delivered as an appliance, where performance does not equate to vendor
lock-in, and which addresses the whole range of business and technology challenges. The solution exhibits unbeatable
performance and requires the smallest physical and energy footprint in the industry.
The SDRS is a new approach to meeting the data retention and retrieval needs that is affordable, quickly implemented,
energy efficient and a perfect match to the requirements compared with other, far more costly and complex solutions
To date, meeting the requirements of the EU Directive caused a costly distraction from core business and IT projects and
activities. With the SDRS there is no need to compromise budgets, solution performance or other business objectives in
order to comply.
Links
Most communications companies already retain much of the data required to satisfy the EU Data Retention mandate, (Source CDR files, SMTP / POP3, Authentications log files etc). The SDRS ‘compliance appliance’ utilises the latest generation of AMD based systems to deliver massive storage capability whilst completely resetting the bar for price performance. The challenge is therefore not that of retention but in fact that of retrieval. For the directive to be appropriately implemented retrieval should be specific, to the security initiative in hand, that is as needed to satisfy the request for communications information by an investigating body and not as needed to perform broad analytics of all communications. In short, this means the ability to perform an almost surgical approach to data retrieval, where the surgeons are security cognisant and thoroughly audited. Queries against massive volumes of data should rapidly deliver only the appropriate data to fully satisfy the request, confidently balancing civil liberties and data privacy concerns with the absolute need to protect public and national security interests.
In order to meet the challenges facing Communications Service Providers (CSPs), CopperEye and Sun have identified that current data management approaches are insufficient to meet the compliance and security requirements of today’s heightened compliance regulations. By integrating high levels of security and evidential integrity with efficiencies possible through new indexing and server technologies, the challenge of meeting compliance without significantly impacting operating costs can be solved both economically and ecologically.
To comply with the specifications of the EU Directive on data retention any data retrieved must be of evidential quality, (sufficient to support efficient investigation processes and potentially future legal prosecution), which means that ideally it will not have been through a range of processes which could have affected its accuracy or timeliness. As such the most appropriate place to capture the data is at its initial source which is typically the files generated by network equipment or servers. In most large networks due to the evolution of the network over time, these source files will vary in type and structure but will generally contain the necessary elements of data to meet with the mandate’s requirements.
Taking this approach also massively reduces the potential of impact to existing revenue generating systems. The Greenwich software solution from CopperEye is at the heart of the Secure Data Retrieval Server (SDRS) and is perfectly matched to these requirements in that it does not move, modify or further load any of the data. Essentially, the data remains in its original format, in read only files on cost effective storage. As new communication data is generated, (at volumes up to billions of transactions per day), this revolutionary approach ensures that maintaining pace with even the largest communications network is no longer a technology constraint.
Greenwich’s innovative indexing and archiving technology, we call it ‘Live Archiving’, ensures that query results are obtained in seconds as opposed to minutes or even hours. In addition to addressing the data integrity and security challenges Greenwich also delivers a solution to the business process challenges presented by the increased scope of the EU Communications Data Retention Directive. The SDRS incorporates a configurable workflow management system which supports national legislative frameworks for managing the request and disclosure of communications data. The system also includes all necessary usage reporting to support both National and European government statistical requirements.
Integrating state-of-the-art server and storage technologies, the Sun Fire X4500 Server delivers the remarkable performance of a four-way x64 server, the highest storage density available with up to 24 TB in 4RU (seven inches) of rack space, with incredibly high data throughput at very low cost. This approach allows customers to host their applications and data on a single integrated platform with extremely low energy requirements. For applications that are driven by storage density, high bandwidth requirements, and lowest cost, the Sun Fire X4500 Server delivers the highest storage density available, (approximately 2 to 5 times the density of alternatives), incredibly high throughput rates (approximately 1GB/s from disk to network, approximately 2GB/s from disk to memory), jaw dropping prices (almost ½ cost of traditional solutions), and runs virtually any x86 application.
Designed from the ground up to facilitate system management, the Sun Fire X4500 Server’s architecture provides Sun’s Integrated Lights Out Manager (ILOM) and state-of-the-art remote automation that integrates at the data centre level. With zero touch capabilities managed through a variety of interface options, the Sun Fire X4500 Server’s architecture simplifies installation, deployment, and maintenance. The Sun Fire X4500 Server also features Solaris ZFS, a ground-breaking 128-bit file system. Solaris ZFS delivers advanced file system capabilities by automating administrative tasks, protecting data from corruption, and providing virtually unlimited scalability.
Sun Secure Global Desktop Software provides secure access to server-based applications running on Microsoft Windows, Solaris Operating System, Linux and other UNIX, Mainframe and Midrange systems from a wide variety of popular desktop PCs and mobile devices. Utilising a unique three-tier architecture, the software delivers modern desktop applications side by side with legacy applications without costly modifications to existing software. This allows for consolidation of critical applications and data onto highly reliable, centrally maintained servers and off individual desktop and laptop computers, improving manageability while increasing flexibility.
Utilising the Sun Secure Global Desktop Software on the Secure Data Retrieval Server allows users to access applications remotely from their client device. Users need only a Java technology-enabled Web browser.
This approach:
- Allows application access from the corporate internet safely and securely.
- Ensures users can access only the RIPA / Disclosure application if approved.
- Centralises management of users, applications and data.
- Enables auditing of application usage.
- Eliminates the need to install software packages on each client device.
- Dramatically reduces the time to deliver the application.
TruData Integrity TruSeal adds to the SDRS solution by providing the ability to prove the authenticity of any data once it has left the control of the Communications Service Provider (CSP) - instantly proving whether the data in question is tamper free.
TruSeal provides data-centric, not system centric proof of the information integrity of any digital file from any online location. This means that even if the original file and system are destroyed, any other legitimate electronic copy will still hold the crucial evidential weight for legal purposes. The file may be authenticated and validated from any online location.
TruSeal demonstrates undeniable evidence of “Who” was the author, “What” was the original content and “When” was the TruSeal applied to the highest legal and compliance standards required. TruSeal technology is BSI and ISO compliant. Furthermore, TruSeal uniquely offers MultiSealing – any number of TruSeals may be attached to the same document/file so that anyone viewing a multi TruSeal file will be able to audit and authenticate the original data immediately, together with proof of all other relevant parties and stages involved in the process.
TruSeal is portable and inexpensive. Anyone online may validate TruSeal anywhere – and validation is free. Crucially, there is no confidentiality or leakage threat – TruSeal never takes the original data away from the CSP's environment – only the fingerprint and ID reference leave their system, yet it protects the information integrity of any type of data. TruSeals are applied to the raw data itself – the original data – not a new file with a different fixed format. Through the creation of “Evidence Bags”, multiple transactions may be stored with a single TruSeal. This is particularly pertinent to the log-file type format of data that must be retained by CSPs.
| 
