Organizations face a multitude of cyber threats. Ponemon Institute research shows that exploits of software and application vulnerabilities, malware (including ransomware), spear phishing, distributed denial-of-service attacks, and web-borne malware make it difficult to secure data centers, and conventional data center designs are struggling to cope with them.
As evidence, recent research reveals that the threat landscape is not improving. Emerging threats such as cyber extortion, criminal malware, and ransomware are putting organizations at greater risk. The majority of organizations represented in our research studies have experienced a data breach involving the loss or theft of more than 1,000 records containing sensitive or confidential customer or business information, and most say they had at least two such breaches during the study period. The financial consequences can be devastating: according to our 2020 Cost of a Data Breach Study, the average cost of a breach is about $4 million.
Why is data center security important?
Data centers are a treasure trove of business-critical applications, intellectual property, and corporate and customer data, which makes them a prime target for criminals. Beyond data exfiltration, attackers also want to do real damage to an organization by degrading performance, causing downtime, and even compromising its physical security. Our research shows that organizations are experiencing cybersecurity incidents that significantly disrupt their IT and business processes. A strong data center security posture reduces an attacker's ability to reach, intercept, or manipulate the traffic and systems inside it.
In the last five years, significant changes have occurred in the data center environment, including the transition from traditional to hybrid data centers and the growth of hyperscale data centers. A hyperscale data center is a facility owned and operated by the company it supports; hyperscale operators include AWS, Microsoft, Google, and Apple, and they serve large enterprises, including financial institutions and healthcare providers with large customer bases.
While hyperscale data centers offer highly scalable application, storage, and database services to individuals and businesses, they raise security issues that need to be addressed. Scaling to meet escalating business demand often means security is sacrificed to preserve user experience, because few security devices on the market can inspect traffic at that rate. Inadequate security then leads to a range of problems, from illegitimate web traffic to distributed denial-of-service (DDoS) attacks.
A hybrid data center is a computing environment that combines on-premises data centers and co-location facilities and extends to one or more clouds. As global data center traffic grows, a hybrid infrastructure helps organizations absorb fluctuations in traffic and provides capacity on demand. The cost is reduced visibility (more blind spots), increased complexity, and greater external risk from attackers exploiting vulnerabilities to cause data breaches.
Historically, the data center viewed network traffic as vertical, or north-south: client-to-server traffic that moves between the data center and a location outside its network. It is called north-south because network diagrams place the data center in the middle, with traffic entering from above (ingress) or leaving below (egress). Today, a large share of traffic moves laterally, or east-west, between servers and services inside the data center, in addition to the north-south flow, and this internal traffic is exactly what perimeter controls never see.
Migration to the cloud and digital transformation are increasing the need to have a highly secured data center.
Most organizations lack confidence in, visibility into, and a clear delineation of responsibility for managing security in the data center, whether hybrid or hyperscale.
- Migration to the cloud exacerbates the risk to critical information in the data center. Despite the anticipated increase in the importance of cloud in achieving business objectives, almost half of the participants in a Ponemon Institute study are not confident that their data centers currently meet their privacy and data protection requirements. Organizations are reactive rather than proactive in protecting sensitive traffic in a hybrid data center environment: just 44 percent of respondents vet cloud-based software or platforms for data security risks before deploying them in their data centers, and only 39 percent say their organizations identify information that is too sensitive to be stored in the cloud.
- A lack of visibility into the data center’s network traffic puts critical data that is collected, processed, and stored in the cloud at risk. Just 29 percent of respondents say their organizations have the necessary 360-degree visibility into the critical data collected, processed, and/or stored in the cloud. Organizations also lack confidence that they know all the cloud applications and platforms that they have deployed.
- Digital transformation exacerbates the risk of security exploits in the data center. In a recent Ponemon Institute study, IT security practitioners agree that the ability to remain competitive and meet business goals is dependent upon the digital economy. However, to operate successfully in this new business ecosystem, organizations must be able to secure data in the digital transformation process and environment.
- The complexity of business processes, insufficient visibility into people and business processes, and a lack of in-house expertise are the primary barriers to a secure digital transformation. Companies must reduce that complexity, gain visibility into who is doing what in their business processes, and acquire skilled or expert personnel in order to secure their critical information in the data center.
- The increase in encrypted data. Organizations are encrypting sensitive and confidential data in transit to protect it. The same encryption, however, hides the payload from security inspection, so it is very difficult to tell whether an encrypted flow carries malware or exfiltrated data. Unless the organization holds the keys needed to decrypt the traffic at an inspection point, checking it is a cumbersome process.
- Flat network security weaknesses. A flat network is one in which the traditional tiers of routers and switches simply forward traffic without security inspection or enforcement, so there is no internal segmentation. Flattening effectively removes traditional security technologies such as firewalls, filters, and other security appliances from the path between internal systems. Combined with the implicit trust granted to all internal users, this creates very high internal risk: once an attacker breaches the perimeter, they can stay dormant for a while and then spread laterally across the network unchallenged.
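To make the north-south/east-west distinction and the flat-network weakness concrete, here is an added Python example (written for this page; it is not code from the original article or from any vendor). It parses a few constructed flow records, classifies each as north-south or east-west relative to an assumed 10.0.0.0/8 data center range, and then checks every east-west flow against an explicit segmentation allow-list instead of trusting it because it is "internal". The address plan, segment names, ports, and the four-field flow-record format are all assumptions made for illustration.

```python
"""Classify flow records as north-south or east-west and enforce an
east-west segmentation allow-list (no implicit internal trust).
Assumed address plan and record format; constructed sample data."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Assumed for the example: everything in 10.0.0.0/8 is "inside" the data center.
DATA_CENTER = ipaddress.ip_network("10.0.0.0/8")
# Assumed segments (tiers) inside the data center.
SEGMENTS = {
    "web":  ipaddress.ip_network("10.10.0.0/16"),
    "app":  ipaddress.ip_network("10.20.0.0/16"),
    "db":   ipaddress.ip_network("10.30.0.0/16"),
    "mgmt": ipaddress.ip_network("10.90.0.0/16"),
}
# Explicit allow-list of east-west flows: (src segment, dst segment, dst port).
# Any east-west flow not listed here is denied, which is what a flat network lacks.
ALLOWED_EAST_WEST = {
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("mgmt", "web", 22),
    ("mgmt", "app", 22),
    ("mgmt", "db", 22),
}

# Constructed sample records in the assumed format: "<src> <dst> <dst_port> <proto>".
SAMPLE_FLOWS = """\
203.0.113.7 10.10.1.5 443 tcp
10.10.1.5 10.20.3.9 8443 tcp
10.20.3.9 10.30.2.2 5432 tcp
10.10.1.5 10.30.2.2 5432 tcp
10.10.1.5 10.10.1.6 445 tcp
10.90.0.4 10.30.2.2 22 tcp
"""


@dataclass(frozen=True)
class Flow:
    src: IPAddress
    dst: IPAddress
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one whitespace-separated record; reject anything malformed."""
    fields = line.split()
    if len(fields) != 4:
        raise ValueError(f"malformed flow record: {line!r}")
    src, dst, dport, proto = fields
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), proto.lower())


def segment_of(ip: IPAddress) -> Optional[str]:
    """Name of the segment an address belongs to, or None if unassigned."""
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def direction(flow: Flow) -> str:
    """North-south crosses the data center boundary; east-west stays inside it."""
    src_in, dst_in = flow.src in DATA_CENTER, flow.dst in DATA_CENTER
    if src_in and dst_in:
        return "east-west"
    if src_in:
        return "north-south-egress"
    if dst_in:
        return "north-south-ingress"
    return "transit"  # neither end is ours; should not appear in our logs


def evaluate(flow: Flow) -> dict:
    """Apply the east-west allow-list; north-south is left to the perimeter controls."""
    d = direction(flow)
    if d != "east-west":
        return {"direction": d, "verdict": "perimeter"}
    src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
    if src_seg is None or dst_seg is None:
        return {"direction": d, "verdict": "deny",
                "reason": "address inside the data center but not in any known segment"}
    path = f"{src_seg}->{dst_seg}:{flow.dport}"
    if (src_seg, dst_seg, flow.dport) in ALLOWED_EAST_WEST:
        return {"direction": d, "verdict": "allow", "path": path}
    return {"direction": d, "verdict": "deny", "path": path,
            "reason": "east-west flow not in segmentation allow-list (possible lateral movement)"}


def evaluate_lines(text: str) -> list:
    """Evaluate every non-empty, non-comment record in the text."""
    return [evaluate(parse_flow(line)) for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]


if __name__ == "__main__":
    for record, result in zip(SAMPLE_FLOWS.splitlines(), evaluate_lines(SAMPLE_FLOWS)):
        print(f"{record:32} {result['direction']:20} {result['verdict']:9} {result.get('path', '')}")
```

Of the six constructed records, the first is north-south ingress and is left to the perimeter; the web-to-app, app-to-db, and mgmt-to-db flows are on the allow-list; and the two that a flat network would pass without comment, web talking directly to the database and one web server reaching another over SMB, are denied. In a real deployment the allow-list would be generated from the segmentation policy and the verdicts fed to the enforcement point or the SIEM.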
Securing the modern data center
Alongside security, availability is typically a top priority, and best practice includes having ample resources to bring data centers back up after an unplanned outage. Recent research also reveals that organizations are shifting security controls from the network core to the endpoint.
The following are recommendations for achieving an effective data center security strategy.
- Adopt a zero-trust architecture. The zero-trust model treats every transaction, movement, or copy of data as untrusted until it is verified, regardless of where it originates. A zero-trust security ecosystem tracks network behavior and data flows in real time, checks anyone extracting data from the system, and alerts staff or revokes an account's rights when anomalous behavior is detected. Threat detection needs to be strong, whether it is distributed across various security systems or centralized in a network firewall, and enforcement can be done by the network firewall or by a Network Access Control (NAC) device. Security can be managed from a command center that provides central management and operating control for the business-critical systems housed in the data center.
- Build in security layers and redundancy. Keeping data safe requires security controls and system checks built layer by layer into the structure of the data center, so that no single failure exposes it.
- Secure all endpoints. Any device connected to the data center network, be it a server, tablet, smartphone, or laptop, is an endpoint and therefore needs to be secured.
- Document security procedures. Strict, well-defined, and documented procedures are critical. Even something as routine as a regular delivery needs to be well planned.
- Run regular security audits. Audits range from daily security checks, including physical walkthroughs, to quarterly PCI and SOC audits, to automated reports that detect misconfigurations and other non-compliant practices.
- Deploy intrusion detection and prevention systems (IDPS). IPS checks are vital for protecting critical network infrastructure and hard-to-patch legacy applications, because they can block known exploit patterns on the wire before they reach a vulnerable system. Detecting attacks that do not match a known signature requires real-time monitoring of network and system activity for unusual events, increasingly using artificial intelligence and machine learning to establish a baseline and flag deviations from it.