User demand for cloud-hosted services has shown no signs of waning, and with International Data Corp (IDC) predicting that data creation will hit 163 zettabytes by 2025, the need for modernised data centres is only set to rise. Bharat Mistry, Principal Security Strategist, Trend Micro, discusses how and why enterprises should be ensuring their data centres are secure.
The data centre is undergoing a profound period of change. Digital Transformation projects are demanding a shift away from on-premises legacy equipment to agile hybrid cloud environments. But in so doing, organisations are exposing themselves to unprecedented levels of cyber-risk. Tackling this challenge means understanding what levels of risk your organisation is prepared to live with and then applying controls appropriately to manage the increasingly diverse range of threats targeting modern data centres.
The digital stampede
Over 70% of UK organisations have a Digital Transformation strategy in place or are implementing one, according to the Cloud Industry Forum. The lure of greater IT efficiencies, streamlined processes, business agility and cost savings has convinced boards to invest heavily. It’s a market set to be worth US$462 billion by 2024 as firms look to AI, IoT, Big Data and more to drive innovation-fuelled growth.
The data centre sits at the heart of these initiatives. But unless you’re a born-in-the-cloud company, the chances are you’ll be running a mix of physical, virtual and cloud operations on-premises and in third-party data centres. You might even be running new architectures designed to further improve flexibility and reduce overheads: one study from 2018 found 72% of firms are using or evaluating containers and 46% doing the same for serverless computing.
There are security challenges associated with all of these decisions. Running heterogeneous environments can create dangerous silos and blind spots, while IT leaders must be aware that physical cybersecurity tools cannot simply be migrated to cloud environments. The risks are compounded by today’s complex digital supply chains in which third parties may need access to your servers.
All of which means today’s data centres have an attack surface far larger than anything seen before. Stretched IT security teams and confusion over the shared responsibility model for cloud security only add to the potential risks of serious data loss or service outages.
Data centres under fire
Organisations must keep threats at bay from an increasingly agile and determined enemy, protecting the bottom line and corporate reputation whilst keeping the regulators happy. Fileless attacks are a popular tactic, using legitimate components like PowerShell, scripts and macros and unconventional file extensions to circumvent traditional filters.
Often they are used in the growing number of targeted attacks facing modern data centres. We predict the black hats will increasingly turn to AI tools to make these even more successful, by profiling corporate processes and communications patterns to understand where and how to attack.
Often, developers are their own worst enemy. Code reuse is a persistent security risk but remains a popular way to meet the insatiable demands of the digital enterprise. Last year it was revealed that 17 malicious images were downloaded more than five million times from Docker Hub. A newly revealed vulnerability in the ubiquitous container runtime runC also shows us that these new architectures represent a growing threat that many firms may not yet have woken up to.
Over 59,000 organisations across Europe have already reported data breaches to the GDPR regulators. But the threat to data centres goes beyond theft of customer information or sensitive IP. Ransomware remains a major risk which could halt or severely impact operations. Europol last year warned that it would remain a key threat for many years. Then there’s cryptojacking. We found an increase in mining malware detections of 956% from 1H 2017 to the first six months of 2018. Although this menace is unlikely to cause a service outage, it will eat up power and wear out your servers. But more importantly, it creates a point of presence in the organisation which the same hackers could return to in the future, perhaps bearing ransomware.
On the front foot
So what can IT security managers do in response? The most effective strategy is one based around risk management. Do some risk modelling and understand which parts of your data centre are ‘high risk zones’ and which are lower risk. Then apply technologies and processes relative to this risk. Segregate these zones so that if one is infected, the damage is limited.
Apply defence-in-depth protection across server, gateway, network and endpoint. Also consider investing in a blend of tools at each layer in order to tackle the wide variety of threats out there: there’s no such thing as a silver bullet.
These tools could include intrusion prevention (IPS), firewalls, white-listing, behavioural analysis, custom sandboxing and Machine Learning. Add multi-factor authentication (MFA), VPNs and encryption for data at rest to further mitigate risk.
Most firms will want a data centre security partner that can provide protection across physical, virtual and hybrid cloud environments, with security products designed specifically with these different platforms in mind. This will maximise protection and compliance whilst minimising any performance impacts. The most comprehensive approach will cover everything from pre-run-time container scanning to automated protection for dynamic workloads. With this set-up, firms can finally begin to realise a best practice security-by-design approach, supported by DevSecOps.
Finally, it’s important to think about security as a proactive, not reactive, endeavour. To that end, consider threat hunting tools, or those which offer greater insight into data centre traffic flows to spot the early warning signs of suspicious activity. Incident response plans should be thoroughly tested and constantly adapted. Above all, good cybersecurity is a continuous process, not a destination.