Anthony Perridge, EMEA Channel Director, Sourcefire, now a part of Cisco, discusses the importance of protecting data centres.
The end goal of many cybercrime campaigns is to reach the data centre and extract valuable data or cause disruption. In fact, a recent Ponemon report shows that cyber attacks caused 34 percent of downtime in 2013, compared to 15 percent in 2010. And the 2014 Verizon Data Breach Investigations Report reveals that data centres with their high bandwidth pipes are also becoming the vehicle of choice for launching some of the largest Denial of Service attacks we’ve ever seen. With attackers increasingly ‘centered’ on the data centre, administrators need security solutions that allow them to be increasingly ‘centered’ on effective protection.
Data centres are evolving and becoming more intelligent to support changing business models and new competitive environments. Applications can be provisioned dynamically. Resources automatically shift as demands change. Virtual devices and services can be deployed and retired on demand. And visibility and control are now expanding across the data centre.
However, many of today’s security solutions, designed for the Internet edge and not the data centre, simply do not support these advances in the data centre or the new, targeted threats aimed at these highly prized targets. Traditional data centre security and bolt-on solutions fall short in a number of ways: taking days or weeks to provision; lacking performance and scalability to handle dynamic environments and high-volume bursts of traffic; involving fragmented solutions that aren’t integrated across the data path, creating management overhead and policy handoff errors; and focusing only on preventing attacks before they happen with no ability to see and proactively respond to threats that inevitably get through.
Because the wrong security solution can actually impede business goals, many organisations increasingly choose to scale back on security in order to maximise the flexible and dynamic services built into their data centres. In fact, Gartner finds that 95 percent of data centre breaches occur due to a misconfigured firewall, largely a result of administrators faced with the untenable choice of compromising security for the sake of data centre functionality. The problem is likely to get worse before it gets better. Complexity and challenges mount as data centres are migrated from physical to virtual to next-generation environments like Software-Defined Networks (SDN) and Application Centric Infrastructures (ACI). Data centre administrators find themselves spending more time managing topology and less time managing the applications and services that can provide the additional productivity and performance gains necessary to support the goals of the business.
With data centres becoming increasingly critical to business strategy execution, data centre security must be considered within the context of the broader security strategy for the overall organisation. Security for the data centre must evolve in three important aspects to deliver the control administrators need, without compromising protection and functionality.
Security must be designed for the data centre: Many Internet-edge security solutions, like next-generation firewalls, are being inappropriately positioned in the data centre where the need is visibility and control over custom data centre applications, not traditional web-based applications. Security must also be integrated into the data centre fabric, and not simply at the edge, in order to handle not only north-south (or inbound and outbound) traffic, but also east-west traffic flows between devices or even between data centres. Security also needs to be able to dynamically handle high-volume bursts of traffic to accommodate how highly-specialised data centre environments operate today. And to be practical, centralised security management is a necessity. With Gartner anticipating a 3000 percent increase in data centre connections per second by the end of 2015 with more and more devices and applications connecting, the importance of performance and provisioning capabilities cannot be overstated.
Security must be able to adapt: Data centre environments are highly dynamic and security solutions must be as well. As data centre environments evolve from physical to virtual to next-generation SDN and ACI environments, data centre administrators must be able to easily apply and maintain protections. Security solutions must provide consistent protection across evolving and hybrid data centre models and they must also be intelligent so that administrators can focus on providing services and building custom applications to take full advantage of the business benefits these new environments enable without getting bogged down in administrative security tasks.
Security must provide protection against advanced threats: Traditional data centre security approaches offer limited threat awareness – especially with regard to custom data centre applications and transactions – and limited visibility across the distributed data centre environment, and they focus primarily on blocking at the perimeter. As a result, they fail to proactively defend against emerging, unknown threats targeting valuable data. What’s needed is a threat-centric approach to securing the data centre that includes protection before, during, and after an attack, and that understands and can provide protection for specialised data centre traffic. With capabilities like global intelligence coupled with continuous visibility, analysis, and policy enforcement across the distributed data centre environment, administrators can gain automation with control for the protection they need.
Advanced attackers are infiltrating networks and moving laterally to reach the data centre. Once there the goal is to extract valuable data or cause disruption. Data centre administrators need technologies that allow them to be as ‘centered’ on security as attackers are on the data centre. With solutions designed for the data centre, able to evolve as data centres embrace hybrid and next-gen environments, and built to deliver protection before, during, and after an attack, data centre administrators can gain control without compromise.