Security issues are increasing as technology increases, and the hybrid cloud presents a risk that data center managers should be aware of, according to an industry briefing paper from DCD Intelligence.
“Insecurity grows as technology develops”, warned the report's author Martin Hingley, at the DatacenterDynamics Converged event in London this week. “Data centers are now logical, and not just physical entities. You can’t secure the data center without having the ability to secure the network and its end points”
The paper, Preparing the Data Center Against the 21st Century Attack, gives details of the modern security threats data centers face, and advises on how to mitigate them. Hingley, an associate analyst with DCD Intelligence, who also runs his own research company, ITCandor, presented these issues at the event.
Cloud increases the attack surface
“Security is like a maintenance service contract; you hope you never have to use it,” the analyst jokingly observed. However, he quickly pivoted to a more serious tone, recalling that there may have been a time when managers were able to lock away the facility, “but over time, things have occurred that have increased the insecurity of the data center.”
The widespread implementation of virtualization changed everything with the introduction of VMware’s hypervisor in about 2002. Protecting data became an issue because it’s not always in one particular location. Add the explosive increase in mobile device access, social media, and cloud computing, and the number of interactions between the data center and end points gives rise to an era where data center security must evolve into a continuous process, rather than a periodic compliance checklist exercise, Hingley explained.
The attack surface grows as computing becomes more prevalent in society, the analyst noted. “Running your own data center, provided you have the proper controls in place, is likely the most secure approach”, he said. But on-premise or in-house data centers will not always make the most business sense, Hingley acknowledged.
There are certain trade-offs, however, that organizations must consider when they outsource data center functions to the cloud. They include choices surrounding total cost of ownership, security, elasticity, and performance.
Hybrid clouds provide the largest security issues, he observed. “In a multi-tenant environment you want to make sure your data is completely scrubbed off to make sure no one has access to your intellectual property”, Hingley recommended.
The 18-page industry brief culls the observations and recommendations of a half-dozen security industry experts from companies such as Imperva, Fortinet, IBM and Symantec. Many of the experts Hingley consulted agreed that buying new software if your organization is breached is far from a security panacea. The key, Hingley advised, is to “reconsider your attitude towards risk, security posture, and taking precautions.”
The analyst concluded with a three-pronged approach to data center security policy, comprising organizational, technology, and process elements. First was to educate the board, staff, and contractors to increase their awareness of security issues. The next step involves using the best-available security software to suit your needs, in addition to appliances and services. In addition, organizations must assess the effects of new devices and how they impact their IT infrastructure.
Finally, Hingley advised, the overall organization must make security part of its business process. “It’s increasingly impossible to ensure security through the old-fashioned way of locking people out from access”, he noted. And, as his new industry brief explains from the outset, “data center security is not about ‘return on investment.’ Rather, it concerns ‘protection from disaster’.”
Preparing the Data Center Against the 21st Century Attack