According to a SolarWinds survey earlier this year, while organizations may be more prepared today than in the past, the threat and consequences of cyber attack and security breaches loom as large as ever. You can read more about these findings in a previous guest post by my colleague and the former author of this column, Mav Turner, at http://bit.ly/2glHY9l.
But for evidence of this fact, you actually need look no further than the recent disclosure of Yahoo!’s 2014 data breach — the largest in history with 500 million accounts’ worth of personal user data stolen by attackers — and Dyn’s outages following a particularly inventive and large-scale DDoS attack in late October.
The reality is that as 2016 comes to a close and we look to the year ahead, one thing we can expect to remain a constant is the threat of cyber attack.
A DATA CENTER SECURITY PREDICTION FOR 2017
In fact, SolarWinds predicts that in 2017 there will be exponential increases in both the volume and visibility of data breaches, particularly for large corporations. The next major data breach or other disastrous corporate attack isn’t a question of if but when.
To combat this, we expect to see a new crop of information security firms enter the marketplace to provide guidance on penetration testing and other security expertise. At the same time, however, added government funding for the Cybersecurity National Action Plan (CNAP) means we will likely see an increased number of individuals billing themselves as security experts when that title may be only loosely applicable, which is something to be aware of.
Simultaneously, this increase in data breaches will force organizations to weigh the implications of potential data loss against the expense of hiring security experts. In many cases, businesses in 2017 will choose to take a calculated risk about what they can “afford to lose” rather than what it costs to prevent data loss entirely.
This all raises the question: What can you do to prepare your data center for the threats to come?
DATA CENTER SECURITY GOALS FOR 2017
There are several things you and your organization should do to prepare for protecting your data center in 2017. Here are some data center New Year’s resolutions to consider:
Invest in SIEM software. Integrating security information and event management (SIEM) software into your environment helps you ensure that vulnerabilities are being taken care of, using an easy interface in which you can handle things like patches and log event management. This type of software acts as a safety net of sorts, proactively monitoring for security vulnerabilities and configuration problems and alerting when an issue needs to be addressed. It’s especially useful for organizations that lack a formal security team or process and are particularly susceptible to low-hanging vulnerabilities such as late patches, systems left at default settings or not requiring regular username and password updates from their end users.
Create a security team. Attackers have automated network searches in place to find things to breach and steal, and as a result, you must be more vigilant than ever when monitoring the systems that hold the most sensitive, and therefore valuable, information. Even if a complete team of security experts isn’t feasible, your organization should at least look to create a basic-level security team that can work together to create a security framework and evaluate it on an ongoing basis to best prevent successful attacks. And remember: the security landscape is constantly changing, so this should not be a “set it and forget it” plan, either. Rather, it should be reassessed every six to nine months to ensure everything is up to date and as effective as possible. In many cases, I’ve evaluated a company’s security process and found that policies were set up as much as two years prior without any thought to updating them.
Once such a team is in place, your organization should plan to leverage a comprehensive monitoring toolset that can outline a baseline of performance across systems, networks, and databases, which are particularly vulnerable to attacks. Having a fundamental understanding of what typical performance looks like for these pieces of infrastructure will normalize the security expertise of a team by providing a reference point to check when something seems wrong. Your security team can then execute a pre-determined response plan to remediate quickly and effectively.
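The baseline-as-reference-point idea above, as an added example that is not part of the original column: it builds a per-metric baseline from normal-operation samples and flags new readings that deviate from it. Host names, metric names and all sample values are constructed, and the median/MAD method with a 3.5 cutoff is one assumed choice of technique, not something the column specifies.

```python
from statistics import median

# Constructed history: samples per (system, metric) collected during normal operation.
HISTORY = {
    ("db01", "queries_per_min"): [410, 395, 402, 420, 388, 415, 407, 399, 412, 405],
    ("fw01", "outbound_mb"): [120, 135, 128, 117, 140, 131, 125, 122, 138, 129],
    ("app01", "failed_logins"): [2, 0, 1, 3, 1, 0, 2, 1, 1, 2],
}

# Constructed current readings; db02 has never been baselined.
OBSERVED = {
    ("db01", "queries_per_min"): 409,
    ("fw01", "outbound_mb"): 910,
    ("app01", "failed_logins"): 40,
    ("db02", "queries_per_min"): 400,
}

def build_baseline(history):
    """Return {key: (median, MAD)}; both resist skew from a few odd samples."""
    baseline = {}
    for key, samples in history.items():
        med = median(samples)
        mad = median(abs(x - med) for x in samples)
        baseline[key] = (med, mad)
    return baseline

def deviation_score(value, med, mad):
    """Modified z-score; 0.6745 scales MAD to a standard-deviation equivalent."""
    if mad == 0:  # perfectly flat history: any change at all is a deviation
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad

def check(observed, baseline, threshold=3.5):
    """Return (key, value, reason) for readings off baseline or lacking one."""
    alerts = []
    for key, value in observed.items():
        if key not in baseline:
            # An unmonitored system is itself a finding for the security team.
            alerts.append((key, value, "no baseline"))
            continue
        score = deviation_score(value, *baseline[key])
        if abs(score) > threshold:
            alerts.append((key, value, f"score {score:+.1f}"))
    return alerts

if __name__ == "__main__":
    for key, value, reason in check(OBSERVED, build_baseline(HISTORY)):
        print(key, value, reason)
```

Each alert is the trigger for the pre-determined response plan; the baseline itself should be rebuilt on the same schedule as the security framework review so that legitimate growth does not turn into standing alerts.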
Use what’s already available to you. These days, there’s no limit to the amount of free and readily available resources you can leverage. The National Vulnerability Database and the Common Vulnerabilities and Exposures (CVE) database, for example, provide real-time updates on current and potential future security threats, their corresponding level of seriousness and suggestions for remediation that you can use to inform the updates and patches you roll out. You should take advantage of these resources and all others available to you to stay on top of security trends and leverage their alerting features to best maintain your organization’s security.
Save end users from themselves. End-user education is a sorely underutilized method of further securing data. The numbers consistently show that a majority of attacks actually originate inside organizations, often stemming from things like an employee falling victim to a phishing scheme or other accidental end-user errors that stem from an inadequate understanding of potential security threats.
Of course, most end users don’t want or mean to cause problems; they just don’t always understand what they’re doing and how one action today can cause trouble tomorrow, the next day or even months from now. At the end of the day, your data center security is only as strong and secure as the weakest link. As more and more end-user devices get added to the network and access data center resources through workplace trends like BYOD, BYOA, and IoT, it’s in your organization’s best interest to properly educate its end users about the impact they can have on overall security. You should be proactive and transparent about flagging security vulnerabilities that could be exacerbated by end-user activities, such as using company email on a smartphone OS that requires a security patch, or accessing a social media profile with a password that may have been part of a larger breach.
It’s never too early to start thinking about New Year’s resolutions, especially when they involve improving data center security. The four suggestions here are a good place to start in developing reliable data center security measures that will help protect against the expected rise in data breaches and other cyberattacks in 2017.