Security concerns are rippling across the IT industry. The WannaCry ransomware attack, which hit the NHS, and data theft incidents like the one experienced by Wonga, the payday loan company, leave a sense of unease that traditional security measures are failing to allay.
Data centers have particular challenges to face when it comes to security, because they not only need to construct cyber-defenses, but physical barriers too, to protect and safeguard equipment and sensitive data.
Now there is a new threat lurking that is set to put data center security in the spotlight: the exponential rise in politically motivated or state-sponsored cyber-attacks.
The rumors about leaked communications from hacked servers that circulated following the US Presidential election continue to surface in news stories, and more recently the new French President, Emmanuel Macron, was targeted by a coordinated hacking attack which saw thousands of internal emails and other documents released in an attempt to destabilise the vote.
In this case, Russia was accused of masterminding the attack, but Russia is only one of several countries that are known to be a source of politically motivated cyber-hacks. Up there too are the US, China, Iran, North Korea and Israel.
Migration to cloud services and the increasing use of data centers and colocation facilities have become more and more popular with local and national government departments in recent years for the storage of sensitive data. While these strategies help governments to take advantage of enormous economic and workflow advantages, they also mean that governments relinquish control of their data and become increasingly dependent on the cloud or data center operator to implement the highest levels of security.
This is now beginning to have a knock-on effect. Recently, the Australian Department of Defence said that it would be taking all of its data out of Global Switch data center facilities when its contract finishes, because of fears that classified data could be at risk following a massive investment in the company by a Chinese consortium.
Meanwhile, Estonia is taking things a step further and has announced that it will back up its most sensitive government data in a ‘data embassy’ in Luxembourg. This move, which heralds the arrival of friendly countries hosting servers in anonymous data centers to house critical data and applications on behalf of other countries, has been initiated because, according to a story in Wired magazine, Estonia has to fend off hundreds of thousands of cyberattacks every day, most of them coming from China and Russia.
But one of the most beleaguered nations of all from a cyber-crime perspective is Ukraine, which has suffered sustained attacks for many years targeted at undermining the entire stability of the country. Wired again reported on this, saying that Ukraine’s president, Petro Poroshenko, reported 6,500 cyberattacks on 36 Ukrainian targets in just two months with investigations pointing to the “direct or indirect involvement of secret services of Russia”. The attacks have been many and various, but two particularly large incidents took out the national grid, leaving Ukrainians without light or water in the middle of winter.
The report said that it appeared the hackers had spread through the power companies’ networks and eventually compromised a VPN used for remote access, including the highly specialized industrial control software that gives operators remote command over equipment like circuit breakers.
Extra vigilance needed
As nation states become more active in the cyber black market, data centers will need to be extra vigilant about their security measures. Hackers employed by nation states are well-funded and well-supported, and their goal is to extract information that can put their country at an economic, political or military advantage. As well as exploiting vulnerabilities in networks, systems and servers, they are not above targeting the people who work in data centers. Whether unwittingly or for financial gain, employees can be a weak link in the chain, and their access permissions need to be high on the security agenda.
Part of the difficulty of dealing with cyber espionage is knowing who the enemy is. A pervasive lack of trust impedes progress, and while we struggle to withstand the onslaught of attacks, our inability to identify the attacker means that we are forced to take a ‘zero-trust’ approach.
The security strategies adopted by data centers today need to adapt to the current climate. The provision of support that enables companies to take advantage of cloud services or web applications is vital, but if holding and managing data (particularly government data) is the core function of a facility, it becomes imperative to apply the strictest security protocols to peripherals, servers and data center management software.
Solutions are available that provide granular access controls to assets based on trust. This has to be measured across devices, software, users and systems at all times. Connections should be permitted only on the basis of having a deep knowledge of where a connection initiates from and where it is going to, validation of relevant credentials and continuous monitoring to ensure access is restricted only to approved assets.
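The decision model described above can be sketched in a few lines. The following is an added illustration, not code from the article or from any vendor product; the device inventory, role names and asset names are constructed, and credential validation is assumed to happen upstream and arrive as a boolean.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    device_id: str          # where the connection initiates from
    user_role: str
    credential_valid: bool  # result of an upstream credential check (assumed)
    destination: str        # asset the connection is going to

def authorize(req, devices, approved):
    """Default deny: every check must pass. Returns (allowed, reason)."""
    posture = devices.get(req.device_id)
    if posture is None:
        return False, "unknown source device"
    if not posture["patched"]:
        return False, "device posture failed"
    if not req.credential_valid:
        return False, "credential validation failed"
    if (req.user_role, req.destination) not in approved:
        return False, "destination not approved for this role"
    return True, "ok"

class SessionMonitor:
    """Re-checks open sessions so an earlier 'allow' is never permanent."""
    def __init__(self, devices, approved):
        self.devices, self.approved, self.sessions = devices, approved, {}

    def open(self, sid, req):
        ok, reason = authorize(req, self.devices, self.approved)
        if ok:
            self.sessions[sid] = req
        return ok, reason

    def reevaluate(self):
        """Revoke sessions that no longer satisfy policy; returns {sid: reason}."""
        revoked = {}
        for sid, req in list(self.sessions.items()):
            ok, reason = authorize(req, self.devices, self.approved)
            if not ok:
                revoked[sid] = reason
                del self.sessions[sid]
        return revoked

# Constructed sample inventory and policy (not from the article).
DEVICES = {"laptop-01": {"patched": True}}
APPROVED = {("dc-operator", "dcim-console")}

if __name__ == "__main__":
    mon = SessionMonitor(DEVICES, APPROVED)
    print(mon.open("s1", Request("laptop-01", "dc-operator", True, "dcim-console")))
    DEVICES["laptop-01"]["patched"] = False   # posture changes mid-session
    print(mon.reevaluate())
```

The point of `reevaluate()` is that a session admitted while the device was healthy is revoked as soon as the same checks would no longer pass.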
Shared infrastructure is a feature of the digital age and provides untold advantages to data centers, cloud providers and end users. But it can also expose our systems to a growing group of hackers who are being sponsored for political gain. We don’t know how effective cross-border treaties or agreements will be in rounding up these cyber criminals; the likelihood is that they will live beyond the law indefinitely. The only way we can keep our data centers, and everything they store and manage, protected is by trusting no one and questioning everything.
Paul Darby is regional manager for EMEA at Vidder, a company specializing in access control software