The New 80-20 Rule for Data Center Cybersecurity
For much of the IT industry, 2014 was the year of the hack.
Reporters and analysts investigated and wrote incessantly about the seemingly hourly break-ins of corporate computer systems, culminating with the Sony incident associated with the release of “The Interview.”
Undoubtedly, the cybersecurity challenge is going to result in an increasing focus and spend on security systems. The question, however, is whether this will reduce the risk.
Let’s start with the corporate data center, the Fort Knox of the enterprise, and how we guard its crown jewels. Today, the vast bulk of security spend is on the network — firewalls, IDS/IPS, APT, monitoring, etc. — and it focuses almost exclusively on the internet perimeter. These investments account for over $10 billion in hardware/software spend alone (this amount is doubled or tripled after accounting for the labor involved in deploying and managing this gear).
However, if you look at the challenges of securing data centers and cloud computing, the focus and investments appear completely out of sync. Almost 80 percent of the computing traffic never leaves the data center; 20 percent is the ingress and egress. We put the vast bulk of attention on 20 percent of the risk, leaving the soft chewy inside of the data center pretty much unattended to. Whether it is external threats or insidious inside risks, most data center computing is pretty much wide open.
Moreover, the network-based systems we use to protect our data center computing resources have little to no context about the workloads they are built to protect. Imagine having a bodyguard who sits in the lobby of the hotel (vs. inside or right outside the room) and knows pretty much zilch about the habits of the person she is supposed to guard.
IT now has the opportunity to bring a critical focus to protecting the data in the data center — not just the infrastructure — by changing how security is conceived and implemented. This won’t eliminate all of the risks and malfeasance in the industry, but it will bring greater insight and focus to the problem compared with using the rapidly failing tools of the past.
Here are five areas of focus that can help stem the tide in 2015.
Build security into the DevOps and application development cycle.
Today, security is applied to the infrastructure after the applications are built, leaving a frequently porous communications environment. We saw this in the HealthCare.gov hack, where a development server was able to communicate directly with the internet. Rather than being kept in silos, application developers and security groups should be brought together so that applications are built more securely and better managed by security from inception.
Create visibility to everything behind the firewall.
Given a quiet room and a confidential discussion, many IT administrators will admit they are blind to much of what is happening within the data center. The sheer size, complexity, and dynamic nature of computing leave significant computing resources undocumented or forgotten (e.g., the developer who built the application left the company years ago). Better visibility and understanding is crucial
Reduce the attack surface of data center and cloud computing…
Read the FULL STORY on SC Magazine