Data centre security: from bolt-on to built-in

How do you secure the modern data centre? We asked ten senior IT security professionals for their five key steps. Here’s what they said about safeguarding the perimeter and beyond…

Virtualised networks and data centres, changes in workloads and traffic, and the increasing criticality of business data: all pose new security challenges for IT professionals. But too many strategies lack flexibility, remain perimeter- and hardware-centric only, and adhere to the fallacy that more is better. Security is too often bolted on.

What is needed? We put that to ten senior IT security professionals, from such diverse worlds as banking, entertainment, mining and communications, over two engaging and passionate roundtable discussions.

We’ve gathered all that knowledge in a new ebook you can download here.

Our panel were clear: We need a new approach. One that also secures workloads, data and data access at source, and provides deep internal security of both corporate and consumer data, wherever it resides.

Why? Because businesses are moving to the cloud. Because datacentres are multi-tenanted. Because data breaches are front page news. Because technology is changing, and a managed risk approach to security makes sense.

Andrew Richardson, Information Security Business Advisor to Tesco Bank, says it best:

“We’ve got this combination of datacenters now, and there are more agile cloud based datacentres coming online. We’ve got this moving technology, where once everything used to be pretty static. We’re looking at much more coordination and working with third parties and fourth parties, and where that control model breaks down we need to look at other ways of introducing controls and limiting risks.”

“We’re all about the data and the risk to our data,” says the VP and Global Information Security Specialist with an American multinational banking and financial services corporation, who is now asking far deeper questions of his IT partners.

“We’ve always asked about encryption. Now we’re saying to what standards? What key lengths are you using? What do you do if you lose control of those keys? What devices are you using to manage those encryption keys?

“Now we don’t know where the data is, the only thing protecting it is the applications and the controls around it. That has become the most important thing that we assess.”

The world is changing. Whilst a hardware-centric perimeter is always going to be necessary, advancements in concepts like ‘zero trust’ and ‘micro-segmentation’ are adding an additional layer of security and protection. Security is becoming built-in.

Old dogs, new tricks

Zero trust and micro-segmentation used to be, in the words of the Head of Information Security with a leading online fashion retailer, “a utopian dreamland. Nobody really managed to get there.” But in security, you can teach an old dog new tricks.

“The idea that you should give every application access to the least amount of resources it needs to do its job, whether you call it least privilege or zero trust, that idea probably goes back to the 70s,” says Bruce Davie, VMware’s CTO for Networking. “But it’s only now becoming operationally possible. Micro-segmentation, the tight control of the communication parts between workloads, that’s not a novel idea. But now we can actually operationalise it.

“We’re capturing computer science principles from 30 years ago or longer, and moving them into an implementation where they can be truly operationalised and operated at scale.”

And the benefits go beyond security and back again, says the online fashion retailer. “We’ve noticed that technologies like micro-segmentation, which can be described through code or through very simple configuration, also help with engineering practices. My development environments can be pretty much my production environments now. And because of that, we have very few situations where developers complain that ‘hey look, this worked in development’. You can migrate the configuration as long as it is peer-reviewed.

“It also virtualises your infrastructure as well as all of those things that are tied in. It has significant engineering gains which then fit into your overall security posture as well. It just makes it that much better.”

