The notion of the data center as a physical space enclosed by four walls isn’t entirely dead, but it certainly is undergoing disruption. Driven by rapid growth, advancing technology and market forces, more and more large enterprises are turning to hybrid data center infrastructures. The modern data center is increasingly a heterogeneous mix of environments and technologies that combines physical servers and virtual machines in on-premise facilities, private clouds and the public cloud.
Moreover, these disparate installations are by no means static. Organizations are constantly shifting data and workloads among them as traffic levels and processing demands dictate. This flexibility to scale up or down as needed is what makes the hybrid infrastructure so attractive.
Hybrid facility, multiple risks
While the hybrid data center helps make organizations more agile, it creates a security headache – if not a nightmare – for the IT teams tasked with integrating these different environments. The public cloud, with its public-facing user interfaces, shared resources and APIs, poses very different security challenges from on-premise data centers.
Most data center security solutions are focused only on a specific type of environment, be it physical, virtual or cloud. That means in a hybrid scenario, teams have to deploy, manage and monitor several different types of security controls, each with its own console or dashboard and its own protocol for expressing and managing security policies. Not only is such a patchwork of systems inefficient, it’s also fraught with risk and a drag on incident response.
Compounding the challenge is the fact that both internal and cloud security measures still tend to focus primarily on breach prevention and perimeter defenses. However, with the hybridization of data centers, the expansion of the cloud and the increasing mobility of assets, the “perimeter” is becoming harder to define, let alone defend. In spite of the vast sums of money spent to protect data centers from external threats, breaches continue to occur at an alarming rate, becoming ever more brazen in ambition and scale. Intruders that have successfully breached data center defenses can lurk undetected for weeks or months at a time, moving freely within the flow of east-west traffic until they find a vulnerability to exploit.
Securing assets within the data center
This situation calls for a two-pronged solution: one, an efficient means of securing applications and workloads at a very granular level from threats already inside the data center; and two, a common set of security controls that can be applied consistently across hybrid data center environments, both physical and virtual, including those that reside in the cloud. Security controls need to be agile enough to adapt to the dynamics of the cloud environment, and must be able to support cloud scale and performance. To further increase efficiency and reduce the risk of exposure to attacks, security teams should be able to manage those controls from one central point, requiring no reconfiguration as workloads and data migrate from one environment to another.
One way to achieve both objectives is to use micro-segmentation to set security policies around individual applications, or groups of applications, regardless of where they reside in the hybrid data center. These policies would dictate which applications could communicate with each other, and would effectively “follow” their respective applications as they migrate from on-premise to the cloud and back, because they are expressed in terms of the workload’s identity and role rather than its network address.
Historically, the challenge in implementing micro-segmentation has been a lack of visibility into data center applications and processes, particularly in today’s highly virtualized cloud environments. Now, however, graphical visualization tools exist that enable security administrators to map their environments, providing visibility into data center activity down to the application and process level. This makes it easier to locate, identify and group or segment applications for the purpose of establishing security controls around them.
Improving breach detection and response
Micro-segmentation has the added advantage of strengthening breach detection. Because the policy already describes which communications are expected, any network or application connection that falls outside it can be recognized instantly as unauthorized. Any such policy violation would automatically trigger an alert of a potential security incident that warrants investigation.
Hybrid data center security can be further strengthened and streamlined through automation with distributed deception technology, which can be deployed throughout both physical and cloud environments. With distributed deception, any anomaly in east-west traffic, such as a blocked or unsuccessful connection, automatically triggers a decoy to reroute, contain and investigate the suspicious activity. This dramatically reduces false positives and provides higher-fidelity security incidents, enabling security teams with limited resources to more precisely prioritize incidents for quicker investigation and response.
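The following is an added example, not code from the original article or from GuardiCore, illustrating the three ideas above together: a micro-segmentation policy written against workload labels rather than IP addresses, the same policy continuing to apply after a workload migrates to a different environment and address, and a policy violation producing an alert and, where a decoy is configured, a redirect target. All names, labels, addresses and the decoy map are constructed for the illustration; the enforcement point that would actually block or reroute the packet is out of scope here.

```python
"""Label-based micro-segmentation policy with violation alerting and decoy hand-off.

Added example (hypothetical workloads, labels and addresses); not a vendor implementation.
"""
from dataclasses import dataclass, replace
from typing import Dict, FrozenSet, Iterable, Optional


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    env: str                  # "onprem", "aws", ...; informational only
    labels: FrozenSet[str]    # identity/role labels such as "app:shop", "tier:db"


@dataclass(frozen=True)
class Rule:
    src: FrozenSet[str]       # labels the source workload must carry
    dst: FrozenSet[str]       # labels the destination workload must carry
    port: int


@dataclass
class Decision:
    action: str                      # "allow" or "deny"
    alert: Optional[str] = None      # populated on every deny (a policy violation)
    decoy: Optional[str] = None      # where to reroute the denied flow, if a decoy exists


class Inventory:
    """Maps current addresses to workloads; labels stay attached across migrations."""

    def __init__(self, workloads: Iterable[Workload]):
        self._by_ip: Dict[str, Workload] = {w.ip: w for w in workloads}

    def lookup(self, ip: str) -> Optional[Workload]:
        return self._by_ip.get(ip)

    def migrate(self, name: str, new_ip: str, new_env: str) -> Workload:
        """Move a workload to a new environment/address, keeping its labels."""
        old = next(w for w in self._by_ip.values() if w.name == name)
        del self._by_ip[old.ip]
        moved = replace(old, ip=new_ip, env=new_env)
        self._by_ip[new_ip] = moved
        return moved


class Policy:
    def __init__(self, rules: Iterable[Rule], decoys: Optional[Dict[int, str]] = None):
        self.rules = list(rules)
        self.decoys = dict(decoys or {})   # port -> decoy address (hypothetical)

    def evaluate(self, inv: Inventory, src_ip: str, dst_ip: str, port: int) -> Decision:
        src, dst = inv.lookup(src_ip), inv.lookup(dst_ip)
        if src is None or dst is None:
            # Default deny: anything not in the inventory is unexpected east-west traffic.
            return Decision("deny",
                            alert=f"unknown endpoint in flow {src_ip}->{dst_ip}:{port}",
                            decoy=self.decoys.get(port))
        for r in self.rules:
            # A rule matches when both endpoints carry the required labels, wherever they run.
            if r.port == port and r.src <= src.labels and r.dst <= dst.labels:
                return Decision("allow")
        return Decision("deny",
                        alert=f"policy violation: {src.name}({src.env}) -> {dst.name}({dst.env}):{port}",
                        decoy=self.decoys.get(port))


def build_demo():
    """Constructed sample environment: a two-tier shop app plus an unrelated batch job."""
    inv = Inventory([
        Workload("shop-web", "10.0.1.10", "onprem", frozenset({"app:shop", "tier:web"})),
        Workload("shop-db", "10.0.2.20", "onprem", frozenset({"app:shop", "tier:db"})),
        Workload("batch", "10.0.3.30", "onprem", frozenset({"app:analytics", "tier:batch"})),
    ])
    policy = Policy(
        rules=[Rule(frozenset({"app:shop", "tier:web"}), frozenset({"app:shop", "tier:db"}), 5432)],
        decoys={22: "10.0.9.9:22", 5432: "10.0.9.9:5432"},   # hypothetical decoy listeners
    )
    return inv, policy


if __name__ == "__main__":
    inv, policy = build_demo()
    print(policy.evaluate(inv, "10.0.1.10", "10.0.2.20", 5432))   # allow
    print(policy.evaluate(inv, "10.0.1.10", "10.0.2.20", 22))     # deny, alert, decoy 10.0.9.9:22
    print(policy.evaluate(inv, "10.0.3.30", "10.0.2.20", 5432))   # deny: wrong app label
    inv.migrate("shop-db", "172.16.5.5", "aws")                    # db moves to the cloud
    print(policy.evaluate(inv, "10.0.1.10", "172.16.5.5", 5432))  # still allow, no rule change
```

The point of the `migrate` step is that the rule set is never edited: the database keeps its labels when it moves to a new address in a different environment, so the existing web-to-db rule keeps matching, while the stale on-premise address drops out of the inventory and any traffic to it is denied and alerted as unexpected.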
The hybrid data center is rapidly becoming a way of life for large enterprises. Security has to keep up. It is no longer enough to “guard the border,” especially in a hybrid infrastructure in which the border keeps shifting. Security specialists need to step up their breach detection and response capabilities within the data center. In a hybrid world, that means finding security solutions designed to mitigate threats across multiple types of environments – physical or virtual, on-premise or cloud – and deliver centrally managed, consistent protection to data center assets no matter where they reside.
Dave Burton is vice president of marketing at GuardiCore