NextGen Data Center and Security Strategies

Data Centers are considered to be the vulnerable businesses to cyber-attacks, yet spend the least on defending themselves against hackers

Mobile and broadband providers were found to be most at risk of being attacked by hackers because they hold highly-prized customer information, according to the study from the Centre for Economic and Business Research (CEBR).

One critical threat unique to the telecommunications sector is the attack of leased infrastructure equipment, such as home routers from Internet Service Providers (ISPs). Once the equipment has been compromised, hackers can use it to steal data, launch other attacks anonymously, store exfiltrated data, or access expensive services such as international phone calls. To avoid upsetting customers, telecom companies generally refund any charges associated with such attacks, often resulting in significant lost revenue.

Modern data center paradigm

Data center security is crucial for every modern business in this digital age. Over time, the data centers have undergone a significant transformation and their security is very different from what it was years ago.

Organizations, particular those that have suffered the effects of cyber-attacks, have strengthened perimeter-based security controls like firewalls and intrusion detection systems. Unfortunately, traditional data center security methods such as these are not enough to protect companies from large-scale, distributed cyber threats and furtive attacks at the application layer.

What enterprises need today are multi-layered defense architectures that can not only detect and deflect cyber-attacks as close to the source as possible but also scale to absorb massive-scale threats

The 451 Research outlines ‘Hyper scales as the fastest-growing datacenter segment due to demand from cloud providers. They are driving new datacenter designs, technologies and operational approaches, including those proposed by the Open Compute Project (OCP).’

The firm also states the impact of cloud computing on data centers and its ecosystems of suppliers is both deep and wide. The demand for on-premises capacity will certainly offset the ability to far-more easily migrate and place new workloads with cloud providers such as Amazon.

When it comes to data center security, the top three problems that customers encounter today are:

  1. Security teams are challenged with staying ahead of emerging threats. According to the (ITRC) Identity Theft Resource Center, as on Oct 2016 – there are 763 reported breaches exposing more than 29 million records. While we have yet to see a mega-breach that will define the year, as the Office of Personnel Management, Target and Sony have in years past, trends have emerged in the year so far, including multiple attacks targeting financial institutions, federal agencies, health-care organizations and telecom providers.
  2. With the move to cloud to drive agility, existing manual device-centric security provisioning processes are becoming a bottleneck. IT teams are short on resources and the systems cannot scale with manual processes to address new requirements in the cloud. According to the Gartner, 95 percent of firewall-related security breaches are due to misconfigurations. Organizations looking to automate security across their heterogeneous infrastructure (physical and virtual) need to increase agility and reduce complexity.
  3. Organizations are challenged with demonstrating compliance to regulations such as Payment Card Industry (PCI) regulations, HIPAA, etc. as they adopt cloud solutions – whether private cloud (with a shared multi-tenant model) or public cloud. Demonstrating compliance is complex and costly due to dedicated network infrastructure today. And it requires auditing the configuration of every device within the compliance scope.

 Strategic priorities to secure data center

Segmentation helps data center security professionals to enforce consistent policies across physical and virtual boundaries to protect data at rest and in motion.

The concept of segmentation is nothing new. In ancient history, Romans created fighting units based on the ethnic and geographic identity of captured warriors. The idea was simple: group the warriors with similar backgrounds together so they can bond and eventually become better fighting units. Segmentation divides the data center into smaller, more-protected zones. Instead of a single, hardened perimeter defense with free traffic flow inside the perimeter, a micro-segmented data center has security services provisioned at the perimeter, between application tiers, and even between devices within tiers. The theory is that even if one device is compromised, the breach will be contained to a smaller fault domain.

Segmentation itself can be broken into four key areas. (a) Network Segmentation, (b) Fabric Segmentation, (c) Firewall Segmentation and (d) Context aware Segmentation

As data centers continue to evolve, applications are now dynamic objects moving through the network. Securing and managing access to these applications and the underlying data requires policies that can be effectively implemented at the network level and travel as users constantly migrate and virtual machines are created, moved, and recreated.

It is critically important to recognize that the more successful cyber-attacks are highly targeted and many organizations have used the kill chain concept in creating cyber threat control models.

In order to deal with their biggest security challenges, customers need a more simple and scalable threat-control model. In cyber security market, many vendors developed various threat management system capabilities which includes threat containment & remediation, access control & segmentation, identity management, application visibility, logging & traceability management. New technology solution also employs lightweight, distributed component across the data center that monitors all connections using multiple detection methods. Unsuccessful connections are transparently rerouted to a high-interaction deception engine for investigation while successful connections are analyzed for malicious attributes. Centralized management performs semantic analysis of connections and attacker’s activity and alerts on any deviation from authorized and expected behavior. It detects humans as well as APTs and bots at the stage of lateral movement, providing the ability to search for the full spread of the breach and enabling automated mitigation and remediation of infected servers. These solutions can be integrated into OpenStack, CloudStack and VMware infrastructures, and can be also installed in physical data centers and public clouds.

Visibility is crucial so security professionals can understand what is happening in the data center before or during planning of policy and an ongoing basis when you need to manage and make changes to the policy.

By offering better visibility into users, their devices, applications and access controls this not only helps with maintaining compliance but also deals with the threat defense requirements in our overall data center.  Security market do have visibility tools to provide the customers with insight they need to make better decisions about who gets access to what kinds of information, where segmentation is needed, what are the boundaries in the data center, whether these boundaries are physical or virtual and the ability to do the right level of policy orchestration to maintain compliance and the overall security posture. [also read – Application visibility is key for data center micro segmentation]