The measures for setting up security in a data centre were defined and tested quite a long time ago. Firewall, antivirus and other specialised software exists and is becoming better and better.
However, protecting data today calls for a more flexible and multifaceted approach. The systems have scaled up and become more complex, the interactions between their components have reached a new level, and failing to keep pace with the changes can result in new vulnerabilities.
This is what you must pay attention to when setting up a modern and effective security system:
- Monitoring and supervision of software designed specifically for data centres. This software is usually picked up as-is, and is not viewed as a source of risk. More attention is paid to traditional web applications (e.g. social media sites) and the software associated with them. At the same time, even the latest firewalls often just ignore the traffic generated by such software. The result is a potential vulnerability in your security system.
- There must be control not only between the data centre and the network, but within the infrastructure of the data centre itself. Various firewalls can cover the perimeter of the system; however, most of the traffic in modern data centres is internal, among the data centre’s applications and services. Any attempt to filter these data flows with perimeter defence measures will compromise the cohesion of data and significantly reduce the performance of the data centre.
This requires your own, often unique solution that is optimised for the structure and traffic in question and customised for the virtual operating environments.
- Embedding ample capacity for adapting to changing operating conditions the structure of a modern data centre is far from being static or monolithic. There is constant motion within the system: from physical components to virtual ones, from traditional network infrastructure to software-defined networks etc. The working environments see constant evolution.
In these conditions, the difficulty of making manual adjustments in lists of rules and something as simple as access rights multiplies, and putting new hardware into service takes longer and longer. This is where automated adaptive mechanisms for applying security rules are so important.
- Network protection: integrated and comprehensive Advanced data centres (such as the data centres of DEAC) are protected not only along their perimeter, but also at the main nodes that can be attacked. This protection should not be simply an added external module, it must be a fully integrated system providing smart security for the entire infrastructure of the data centre.
The problem of comprehensive data protection can only be tackled through continuous improvements and by implementing new solutions.