Data center security has a lot of moving pieces, so organizations must keep checking that they are placing emphasis on the correct elements. Penny Jones of Datacenter Dynamics said many CIOs are used to the approach of "build a castle and dig a moat" when it comes to data centers, but cloud computing, networking, virtualization and other modern technologies are drawing data centers into the crosshairs of more sophisticated attackers.
This trend was highlighted by a recent report from Verizon, which showed there were 621 confirmed breaches in the last year, with 53 percent being external attacks targeting the data center, 73 percent being hacks via web applications, and 61 percent saying next generation security software only really addresses part of the program. Jones said that instead of thinking of data security as a castle with a moat, it needs to be thought of as more of a "motel model."
"Sure, the perimeter needs to be secured, but once inside administrators need to be able to fortify each room (virtual machine) independently and easily define, control and monitor who has access and who can pass from one room to another," Jones wrote. "Deploying the motel model starts with the network architecture itself. The dynamic nature of the virtual environment means that any physical or virtual security appliance must be able to apply policy to a large footprint within the data center."
Transitioning toward this approach starts with condensing the architecture to as few layers as possible using fabric technologies or virtual chassis, according to Jones. This makes it possible to deploy more extensive technology with a broad footprint across the company and its network. VM security, for example, can be handled by a solution that offers performance and automatically applies policy to VMs as they are created or moved. Application security is handled at a higher level, Jones said, as applications are a bigger target of attacks within companies.
Protecting against distributed denial of service (DDoS) attacks is something else businesses will need to start thinking more about, and Jones wrote on Datacenter Dynamics that this can be done by monitoring the performance of processors and relating it to user sessions to see where and how attacks are taking place.
A recent report from Infonetics Research found that companies are spending more than ever on data center security, with those that operate their own centers spending an average of $17 million per year in 2013, up from $14.6 million last year.
Data Security News from SimplySecurity.com by Trend Micro.