In Modern Data Centers Security Must Take Center Stage
As Your Organization Modernizes the Data Center and Shifts to Cloud-based Environments, You Must Rethink Your Approach to Security
Data centers are changing rapidly, and how we protect them must change as well. Auto manufacturers must allow an expansive ecosystem of partners access to proprietary designs and confidential data to ensure the latest makes and models land in dealerships as promised while protecting their competitive edge. Hospitals need to provide nurses, physicians, administrators, and patients with varying levels of access to information while keeping in mind regulatory and compliance issues. Financial institutions engaged in high-frequency trading need highly available and highly secure environments for compute-intensive workloads. State and local governments are now expected to provide all stakeholders – residents, law enforcement, social services, public works, etc. – with access to the information they need, and only what they need, when and where they need it.
The technology advances behind these scenarios – virtualization, cloud, and software-defined networking – are changing the scope and function of the modern data center. Data and workloads are constantly moving across multi-cloud and physical data centers, and security policies must adjust in lock-step. DevOps teams are rolling out new applications and services quickly. And there is a huge influx of data from big data analytics.
As your organization modernizes the data center and shifts to cloud-based environments, you must rethink your approach to security, increasing visibility and control without compromising agility and performance. To do this you need to consider the three pillars of security in the modern data center: visibility, segmentation, and threat defense.
1. Visibility. The biggest concern when migrating to multi-cloud data centers is that the connectivity and security of existing workloads remain intact. Achieving consistent workload protection starts with visibility into existing workloads and application behavior, as well as who the users are, where they are connecting from, and what hosts and application resources they are accessing. When you have a clear view and can understand the interdependencies at play, you can define policies, appropriate levels of segmentation, and other defenses to create a security architecture. Considering the number of workflows typically present in any data center, you can imagine the magnitude of the challenge and may be tempted to bypass this step, but it is critical to ensure workloads go undisrupted.
On an ongoing basis, complete visibility can reveal performance bottlenecks and help you improve capacity planning. It makes it easier to detect malicious activity and accelerate incident response and investigations. This helps you determine if and to what extent critical systems were breached and what information was stolen.
2. Segmentation. Employees, contractors, business partners, and customers are interacting with resources in the data center in an ever-expanding way. This boosts the value of the data center, but also increases the attack surface, providing more opportunities for attackers. Recognizing that these different users only need access to a subset of resources to get their jobs done, segmentation allows you to plan for those requirements and reduce the attack surface. With permission-level access, consistent security policy enforcement, application whitelisting, and microsegmentation, resources are locked, but those who need specific resources can access them safely. When an attack happens, segmentation prevents attackers from moving laterally within data centers and contains malicious activity. It’s an effective way to slow down the hacker and give security teams time to identify the problem, limit the exposure, and respond to the attack.
Segmentation is also a valuable tool to improve your overall approach to security. For servers on delayed patch cycles, segmentation can reduce the potential for vulnerability exploitation until you can qualify and deploy a patch into production. For legacy systems, segmentation is critical to protect resources that don’t receive maintenance releases or patch updates. In sectors with requirements such as the Payment Card Industry Data Security Standard (PCI DSS) and regulations like the General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA), segmentation can help to reduce the number of systems that require controls, as well as the scope of an audit.
3. Threat Defense. To protect the modern data center, security policies must dynamically change to help enable real-time policy enforcement and security orchestration that follows the workload everywhere. To do this you need to build security into your data center infrastructure from the beginning.
In multi-tenant environments, such as a public cloud, the possibility of a malicious customer attempting to compromise another customer’s server to steal proprietary information or tamper with records always exists. This requires understanding the security controls of your cloud providers and ensuring they address your requirements. You can supplement those controls by deploying threat sensors across north-south and east-west traffic flows in private cloud and physical data centers to quickly detect, block, and respond to attacks before hackers can steal data or disrupt operations. And while an array of devices and mobile and web applications enable more users to access resources anytime and anywhere, they create another avenue for exploitation. You can minimize business disruption and the impact from a breach by deploying comprehensive, integrated security solutions and policies that work together in an automated process. This streamlines threat protection, detection, and mitigation. Evolving to incident readiness and response further mitigates your cyber risk when a breach happens.
As you modernize your data center, security must take center stage so you can keep your data, applications, users, and processes secure without any disruption to the business. Visibility, segmentation, and threat defense are foundational elements of any security strategy, allowing you to reduce risk while creating new opportunities to deliver value to your customers, partners, and the organization.
Ashley Arbuckle, Cisco’s VP of Security Services, is responsible for the oversight and global delivery of the Cisco portfolio of Advisory, Implementation, and Managed Services, bringing a pragmatic approach to helping Cisco’s clients solve their most complex security challenges. Arbuckle started his career in security consulting at PwC working with Fortune 500 customers. After PwC he joined PepsiCo where he led enterprise security and the strategic planning process for PepsiCo’s IT budget of over $2 billion. He has a BBA in MIS and Accounting from the Rawls College of Business at Texas Tech University, is a CPA, and holds a CISSP and CISM.