The end goal of many cybercrime campaigns is to reach the data center and exfiltrate valuable data or cause disruption. In fact, a recent Ponemon report shows that cyber attacks caused 34% of downtime in 2013, compared to 15% in 2010. And the 2014 Verizon Data Breach Investigations Report reveals that data centers with their high bandwidth pipes are also becoming the vehicle of choice for launching some of the largest Denial of Service attacks we’ve ever seen. With attackers increasingly ‘centered’ on the data center, administrators need security solutions that allow them to be increasingly ‘centered’ on effective protection.
Data centers are evolving and becoming more intelligent to support changing business models and new competitive environments. Applications can be provisioned dynamically. Resources automatically shift as demands change. Virtual devices and services can be deployed and retired on demand. And visibility and control are now expanding across the data center. However, many of today’s security solutions, designed for the Internet edge and not the data center, simply do not support these advances in the data center or the new, targeted threats aimed at these highly prized targets. Traditional data center security and bolt-on solutions fall short in a number of ways: taking days or weeks to provision; lacking performance and scalability to handle dynamic environments and high-volume bursts of traffic; involving fragmented solutions that aren’t integrated across the data path, creating management overhead and policy handoff errors; and focusing only on preventing attacks before they happen with no ability to see and proactively respond to threats that inevitably get through.
Because the wrong security solution can actually impede business goals, many organizations increasingly choose to scale back on security in order to maximize the flexible and dynamic services built into their data centers. In fact, Gartner finds that 95% of data center breaches occur due to a misconfigured firewall, largely a result of administrators faced with the untenable choice of compromising security for the sake of data center functionality. The problem is likely to get worse before it gets better. Complexity and challenges mount as data centers are migrated from physical to virtual to next-generation environments like Software-Defined Networks (SDN) and Application Centric Infrastructures (ACI). Data center administrators find themselves spending more time managing topology and less time managing the applications and services that can provide the additional productivity and performance gains necessary to support the goals of the business.
With data centers becoming increasingly critical to business strategy execution, data center security must be considered within the context of the broader security strategy for the overall organization. Security for the data center must evolve in three important aspects to deliver the control administrators need, without compromising protection and functionality.
- Security must be designed for the data center. Many Internet-edge security solutions, like next-generation firewalls, are being inappropriately positioned in the data center where the need is visibility and control over custom data center applications, not traditional web-based applications. Security must also be integrated into the data center fabric, and not simply at the edge, in order to handle not only north-south (or inbound and outbound) traffic, but also east-west traffic flows between devices or even between data centers. Security also needs to be able to dynamically handle high-volume bursts of traffic to accommodate how highly-specialized data center environments operate today. And to be practical, centralized security management is a necessity. With Gartner anticipating a 3000% increase in data center connections per second by the end of 2015 with more and more devices and applications connecting, performance and provisioning capabilities cannot be understated.
- Security must be able to adapt. Data center environments are highly dynamic and security solutions must be as well. As data center environments evolve from physical to virtual to next-generation SDN and ACI environments, data center administrators must be able to easily apply and maintain protections. Security solutions must provide consistent protection across evolving and hybrid data center models and they must also be intelligent so that administrators can focus on providing services and building custom applications to take full advantage of the business benefits these new environments enable without getting bogged down in administrative security tasks.
- Security must provide protection against advanced threats. Traditional data center security approaches offer limited threat awareness – especially with regards to custom data center applications and transactions, limited visibility across the distributed data center environment, and focus primarily on blocking at the perimeter. As a result, they fail to proactively defend against emerging, unknown threats targeting valuable data. What’s needed is a threat-centric approach to securing the data center that includes protection before, during, and after an attack, and that understands and can provide protection for specialized data center traffic. With capabilities like global intelligence coupled with continuous visibility, analysis, and policy enforcement across the distributed data center environment, administrators can gain automation with control for the protection they need.
Advanced attackers are infiltrating networks and moving laterally to reach the data center. Once there the goal is to exfiltrate valuable data or cause disruption. Data center administrators need technologies that allow them to be as ‘centered’ on security as attackers are on the data center. With solutions designed for the data center, able to evolve as data centers embrace hybrid and next-gen environments, and built to deliver protection before, during, and after an attack, data center administrators can gain control without compromise.