Digital transformation has become a key business imperative, believes Richard Villars, VP of Datacenter and Cloud at IDC, a top global analyst firm. Progressive technologies that dominate the headlines – including the Internet of Things, augmented and virtual reality, robotics, and 3D printing – have quickly been seized by business as innovation accelerators.
‘To be able to harness the power of this technology and empower this type of innovation, business needs a new platform that supports cloud, big data analytics, social media, and mobility,’ he says. ‘Agile new data centre decisions are therefore critical to business success in the digital age.’
Whereas before business dealt with four-to-five-year hardware refresh cycles, today these cycles are less than three years. Managing disparate cycles for compute, storage, and network environments has given way to independent technology cycles. High migration costs have also given way to lower migration costs.
The data centre of the future looks different to the legacy on-premise model of the past. It includes hosted cloud, co-location, managed services, and requires a higher degree of control.
The data centre, he believes, plays an important part in delivering better user engagement and customer experience – especially in a world of increased mobility for both employees of an organisation and its customers, vendors, and other partners. ‘The primary function of an organisation’s data centre is to ingest, deliver, and exploit data,’ Villars points out, ‘and the function of technology teams is to deliver resources – not manage devices. Therefore finding the right partner to facilitate any data centre transformation is critical.’
The shift from traditional data centres
‘The next-generation data centre requires next-generation automation and process management to support new users, devices, and applications and workloads,’ says Kevin Leahy, Group General Manager for Data Centres at Dimension Data. ‘Moreover, it must support core enterprise applications, big data, and diverse locations in a secure manner.’ Several challenges come to light when securing IT infrastructure in the digital landscape. These include applying consistent cybersecurity controls in physical and virtual environments, provisioning security at the same speed as infrastructure, and regulation and compliance headaches. ‘Of course, access control to the data centre is a major challenge,’ he says. ‘It’s important to prevent compromised endpoints from expos
Two paths of attack
There are two main weak points that cyber criminals focus on: a frontal assault on the application and Trojan-horse attacks on the end-point. ‘Attackers rely on unsecure coding practices and bugs in Web-server platforms, Web applications, content management systems, middleware, and databases,’ he explains. ‘Typically, organisations put a lot of effort into protecting only Internet-exposed applications from these attacks – however, in the next-generation data centre, these controls need to be added for internal user access too.’ With end-point attacks, cyber criminals look to seize the keys of your castle or data centre estate. ‘Spear phishing, watering hole, and other similar attacks are used to either gain access credentials or user data, or to take over a computer and use it as a Trojan horse,’ Leahy says.
Automation comes of age
Automation and segmentation will empower security in the data centre and application environment of the future. This is the stance of Scott Harrell, Vice President of Product Management for the Security Business Group at Cisco, which offers a best-of-breed architectural approach to security that is simple, automated and open. ‘In order to improve a data centre’s security posture, it’s important to automate security wherever possible and extend an advanced threat protection into the data centre,’ he says. ‘Furthermore, organisations should tap into the network’s telemetry and implement end-to-end segmentation.’ There is a massive push to automate as much of the data centre environment as possible. ‘Automating security makes sense as it minimises the potential for human error and accelerates the ability to respond faster,’ he says. ‘Automated security provides consistent protection for any application – physical or virtual.’ Delivering security in the next-generation data centre follows three broad stages, Harrell explains. Before a cyberattack, security professionals need to favour architectures that help them automate the discovery of applications, maintain normal network flows, the creation and sharing of logical groupings, and the creation and enforcement of security policies. This is really about hardening the environment to prevent attackers from entering while also constraining an attacker’s ability to move laterally if they do get in.
During an attack, he goes on to say, security professionals should focus on solutions that enable them to quickly detect the attack, prioritise alerts, and use automation to enable real-time responses and adaptive protections against these attacks. And, after a security incident, a next-generation architecture should enable the rapid understanding of the scope of the attack, contain any damage already done, and automate the required malware protection and remediation going forward.
Network as a sensor
The network has a crucial role to play in security. Because network flows can shed light on typical attack signatures, Harrell points out that network telemetry can help organisations understand security and application behaviour better and also swiftly identify anomalies. ‘Telemetry gives granular visibility into each network “conversation” over a period of time, which helps recognise application traffic and supports segmentation planning,’ he says. ‘It also allows for simplified compliance reporting, which is often a headache for organisations.’ Moreover, a telemetry approach allows organisations to identify – and also investigate – breaches and other anomalous activities in the application environment. ‘What it does is allow you to reconstruct the sequence of events
Network as an Enforcer
If an attacker does breach your data centre, they must be limited in what they can do once inside. ‘Effective network software-defined segmentation creates quarantine “pockets” to contain threats until action can be taken,’ Harrell explains. ‘It restricts communication between networks and reduces the extent to which an adversary can move across the network.’ Leveraging existing switches, firewalls, and routers to provide Network as a Sensor (NaaS) and Network as an Enforcer (NaaE) capabilities greatly improves a data centre’s security posture without forcing enterprises to deploy tons of costly new equipment. ‘In the digital world, you need heightened visibility of application and data centre infrastructures and this calls for an integrated architectural approach across the entire enterprise paths,’ he says. ‘In short, you need security everywhere.’ Dimension Data’s Kevin Leahy agrees with this sentiment. ‘If data can live anywhere, then security must be everywhere,’ he says. ‘Cyberattacks are a part of the digital landscape,’ he adds. ‘When looking to protect their digital assets, whether they’re applications or infrastructure, organisations need the visibility and awareness – and the right technology approach – to make sure they’re ready to deal with them while delivering uninterrupted business incomes.’
> For more, go to www.dimensiondata.com
Copyright Dimension Data 2016