1. Technical Field
This disclosure relates generally to information security on network-connected appliances.
2. Background of the Related Art
Network-connected, non-display devices (“appliances”) are ubiquitous in many computing environments.
For example, appliances purpose-built for traditional middleware service-oriented architecture (SOA) functions are prevalent across certain computing environments. SOA middleware appliances may simplify, help secure, or accelerate XML and Web services deployments while extending an existing SOA infrastructure across an enterprise. The use of middleware-purposed hardware and lightweight middleware stacks can relieve the performance burden experienced by conventional software solutions. In addition, the appliance form factor provides a secure, consumable packaging for implementing middleware SOA functions. One particular advantage of these types of devices is that they offload processing from back-end systems. To this end, such middleware devices are commonly used to perform computationally expensive security-related processes, such as cryptographic operations.
Another common use for appliances is network security. For example, network intrusion prevention system (IPS) appliances are designed to sit at the entry points to an enterprise network to protect business-critical assets, such as internal networks, servers, endpoints and applications, from malicious threats.
Other appliance-based solutions are common in cloud compute environments. Cloud compute resources are typically housed in large server farms that run networked applications, typically using a virtualized architecture wherein applications run inside virtual servers, or so-called “virtual machines” that are mapped onto physical servers in a data center facility. Appliances are often used in these types of environments to facilitate rapid adoption and deployment of cloud-based offerings. Typically, the appliance is positioned directly between the business workloads that many organizations use and the underlying cloud infrastructure and platform components.
While enterprise appliances of these types are quite varied and provide numerous advantages, they often need to be decommissioned for various reasons, e.g., to enable servicing, because a lease on the device expires, to facilitate an upgrade to new hardware, because the device is sold, or the like. Appliances scheduled for decommissioning, however, often hold sensitive data. For example, an appliance provisioned to facilitate health care-related functions may store HIPAA-regulated data. If an appliance scheduled to be decommissioned is stolen or otherwise accessed by unauthorized persons prior to its decommissioning, the sensitive data stored on the device is at risk. One obvious solution to this security concern is to wipe the contents of the appliance's drive. This is easier said than done. Because secure appliances of this type typically have no keyboard, display, or CD drive, and often not even a USB port, there is no convenient way to boot from external media that might wipe the internal drive prior to, or in association with, the decommissioning. An alternative is to enable a remote wipe of the appliance, e.g., by a privileged remote administrator. That solution, however, raises another security risk, namely, how to prevent malicious or accidental wipes (even ones initiated by such a privileged administrator).
There remains a need to ensure protection of sensitive data on an appliance that is being decommissioned (or otherwise taken out of service) and, in particular, when the appliance is being managed from a remote location.