A question that comes up increasingly in our constantly changing world of security is: “How does data centre security differ from network and end-point security?”
There are a number of fundamental differences and it’s worth taking a look at some of these. For example, when it comes to the data centre, there are more constraints on security in terms of performance – i.e., not standing in the way of innovation. In fact, performance becomes a real issue, both because of the speed of change and innovation and in terms of the systems and applications that are running, especially as security can slow down applications and reduce capacity.
Another point to bear in mind is that the attack surface is about much more than simply the host. People don't necessarily think about applications running within the host, network devices (such as storage) and the user. That's where we will see real change in people operating the data centre, with customers often having to deploy multiple products to solve the problems.
Also, modern data centres run services for the business (e.g., an online web store or data analytics). These services are not just virtual or physical systems, but a collection of hosts, applications, networks and storage, and users. For this reason, policies and processes need to be viewed across all of these and not limited to the hosts alone (like traditional security). This approach of micro-segmentation is a new trend in the software-defined data centre. Essentially, today’s level of usage and the goal of virtualising everything can make the data centre far more vulnerable.
NEW THREATS
What about new threats out there? Well, unfortunately one key threat is that security itself is often lower on the list of priorities, while the boundaries as to who actually deploys or manages that security in the data centre have become mired in politics to a large degree. Also, people typically don't think about security issues when they want to bring in new applications (services), which can then become a nightmare for any CIO to manage after the fact. Compliance is a challenge in these more fluid environments. Enforcing compliance can dramatically slow down innovation.
In order to support the transformation to a modern data centre, security and compliance need to be embedded into the data centre orchestration process so that, as the operations team makes changes or adds capacity, security and compliance validation checks can be orchestrated at the same time. This means that security policies need to be ‘pre-packaged’ and easy to apply without impacting the provisioning process.
With the impending EU data protection changes on the horizon, the location of the components of the 'service' (hosts, applications, network devices and users) is increasingly important, although often unknown. One technology that has been around for decades yet is increasingly useful when it comes to protecting information with regard to data boundaries is encryption. This technology is incredibly effective at protecting information wherever we choose to store and transmit it.
In order to demonstrate ownership of sensitive information that is increasingly mobile or distributed, encryption is the key (excuse the pun!). It’s a great way to separate your information from the infrastructure or device it’s being stored or processed on.
When it comes to internal threats, users are a business’s biggest asset, and its biggest risk! One of the most effective mechanisms to protect sensitive data from leaving the business in error is user awareness. Many IT leaders are driving a cultural change to ensure users have a strong security culture. A common question I hear is whether there is a difference in attitudes towards security according to age. It’s a valid point and indeed it seems that the younger generation doesn't think about security as much, mainly because they want instant gratification, and they assume it's embedded in what they are doing. So we really need to ensure users are more informed, so they (line of business and users) can make their own risk-based decisions.
At Symantec, our approach to engaging with organisations on all of these challenges is very much: “How can we support you in modernising your security programme?” – because more and more IT leaders are looking to be seen as a service to the business. Information is close to the heart of Symantec because of our market-leading position in the information security, information management and information availability marketplaces. This gives Symantec a unique perspective, enabling us to help organisations get a much better understanding of their information and how to manage and protect it.