A holistic approach to Securing the datacenter
Article by Nilesh Rane
- Filed under:
Recent years have been a witness to the increase in incidences of database breaches and cyber crime that have resulted in huge losses for business enterprises worldwide. These attacks are predicted to increase and become more malicious in future.
What makes the situation worse
New technologies – mobile, virtual or cloud – proliferating the ecosystem to make the world more interconnected have created ripples in traditional perimeter security. The ever expanding network infrastructures have given rise to numerous access points for hackers to gain entry into data centers discreetly. Traditional protection methods are no more viable.
With more and more business enterprises moving to the cloud, mobile solutions and connected systems, the situation calls for an urgent need to address security concerns. In fact, a recent Gartner study found that 83 percent of traffic now travels “east/west” within the data center, undetected by traditional perimeter security.
Most CIOs and CSOs do not have the visbility into their networks beyond the perimeter security. With the growing requirement of data center services, this poses a serious question. Legacy security systems can only generate an alert once a breach has been detected or has taken place. Business enterprises, today, have to be proactive to understand the traffic patterns inside their infrastructures and data centers more accurately so that they are prepared to face any attack and emerge from it unscathed.
Moreover, as enterprise networks become more proliferated with cloud based products and laterally moving data traffic, they must be able to interpret any possible threat(s) that may exist. The CIOs must be able to identify and address any network threat that may exist inside an organization’s network in real time.
Data center security
Mapping the network
The first step to ensure data center security is to map the data center itself and flag any suspicious activity within the virtual and physical infrastructure. Being able to visualize traffic patterns within networks can help CIOs and CSOs place countermeasures to tackle breaches and data exfiltration in case of a threat.
Identify and control key high value assets, reduce risk and ensure compliance
It is difficult for organizations to secure all data, information and access points simply because of the insurmountable flow of data through supporting infrastructures. If through a process, critical data can be identified then security approaches can be customized to protect the data against possible threats and breaches that can cause widespread damage. Integrated solutions that provide security at asset location can be implemented in a data center to protect mission critical applications and data against any breach or threat.
Best practices and team accountability
IT managers who understand how traffic/data flows through their IT environment and how the data/information is accessed and secured, can take proactive steps to secure mission critical assets and deploy barriers for anticipated threats or attacks. The 2015 State of the Endpoint Report: User-Centric Risk released by Ponemon Institute, revealed that 78 percent of IT and IT security practitioners consider lax and careless employees who do not follow security policies the biggest threat to endpoint systems.
Data Center Reinvented
To conclude, the three things that every CIO and CSO should keep in mind are the much touted perimeter security is not so secure now, visibility into IT infrastructure is the key and prevalent security practices have become obsolete already. The datacenter of today has undergone a tremendous change, therefore, securing some specific applications or servers is not enough. Visibility into IT infrastructures and the way information is handled will play a pivotal role in ensuring protection of data as new devices, apps and systems get added to an already complex IT network. So, it may be just time for you to reconsider and re-evaluate security solutions and approaches for securing your data center.