Through the seemingly never-ending onslaught of security breaches making headlines day after day, we are learning that the most intrusive and harmful attacks are actually the ones related to low-level security holes.
The only thing that will counteract this trend is to make security a priority. We are most likely all aware of security’s importance, but all too often, it is brushed aside to make room for more speed and agility. Don’t get me wrong, speed and agility in our data centers are important, but if they come at the expense of security, we need to rethink things and keep the cost of a data breach top of mind.
This is especially true as technologies like cloud, hybrid IT, virtualization, and hyper-convergence are fundamentally transforming IT, for better and worse. While these technologies and others have great benefits, they also increase data center complexity, and therefore, the complexity of data center security.
What follows are the first five of my top ten data center security best practices. These best practices were developed based on an analysis of the data breaches we saw over the course of 2016. I will be the first to admit that this is not a comprehensive list or a cure-all. Rather, these are the top ten data center security best practices I think are either underutilized or less understood, but that if implemented, will help strengthen a defense in depth strategy.
Physical security and surveillance technology. The reality is that insider data breaches are still happening at a higher percentage than breaches that originate from outside an organization. Thus, it’s critical to closely control physical data center access and invest in video surveillance. Make sure you have backups for the video storage. Video footage should be captured and monitored from a central location. Video analytics is something else to consider, as such tools have been used to identify events and patterns that can lead to security risks. This is a first line of defense against internal breaches, and can also help you quickly rule out an insider when determining the source of a data breach.
Consider security consultants. There is a lot going on in the modern data center, and you probably already have your hands full even before adding a renewed focus on security. Therefore, consider outside security consultants who can devote more time than perhaps you can to testing, reviewing, and consulting on the security risks and needs of your business. Being able to bounce ideas back and forth and learn about solutions you may not have thought of can help you be better prepared and verify security compliance objectives. It can also create and improve your confidence in any custom-tailored security plan that matches the needs of your business, not to mention implementing it faster.
Monitor data center health. I’ve said it before and I’ll say it again: one of the most overlooked and underutilized keys to a secure data center is understanding what “normal” looks like within your environment. Doing so makes it possible to recognize abnormalities that may indicate a security breach. This baselining process should be part of a robust security policy that improves your team’s ability to build and execute on a predetermined response plan when deviation is detected. As I outlined previously, good places to start are network bandwidth utilization, data storage volume, CPU, and memory.
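To make the baselining idea concrete, here is a small added example (mine, not code from the column or from any SolarWinds product) of the mechanics: record the four metrics named above during a period you know is normal, reduce each to a mean and standard deviation, and flag a later sample whose value sits more than a chosen number of standard deviations away. The metric names, the history values, and the 3-sigma threshold are constructed assumptions.

```python
"""Baseline-and-deviation check for data center health metrics.

Added example; the metric names, the history values and the 3-sigma
threshold are constructed assumptions, not figures from the column.
"""
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed history: eight hourly samples per metric captured during a
# period known to be normal. Real baselines should cover far more samples,
# ideally per hour-of-day and per weekday, since "normal" varies with both.
BASELINE_HISTORY = {
    "bandwidth_mbps": [410, 425, 398, 440, 415, 405, 430, 420],
    "storage_tb":     [120.1, 120.4, 120.6, 120.9, 121.2, 121.5, 121.7, 122.0],
    "cpu_pct":        [35, 40, 38, 42, 37, 39, 41, 36],
    "memory_pct":     [61, 63, 60, 64, 62, 61, 63, 62],
}

# A later sample that looks like ordinary operation.
NORMAL_SAMPLE = {"bandwidth_mbps": 422, "storage_tb": 122.2, "cpu_pct": 39, "memory_pct": 63}

# A later sample worth a ticket: a transfer far above baseline, a CPU spike
# and a sudden loss of stored data, while memory stays where it usually is.
SUSPECT_SAMPLE = {"bandwidth_mbps": 980, "storage_tb": 98.0, "cpu_pct": 92, "memory_pct": 64}


@dataclass
class Deviation:
    metric: str
    value: float
    baseline_mean: float
    baseline_stdev: float
    z_score: float


def build_baseline(history):
    """Return {metric: (mean, population stdev)} from known-good samples."""
    baseline = {}
    for metric, samples in history.items():
        if len(samples) < 2:
            raise ValueError(f"need at least two samples to baseline {metric}")
        baseline[metric] = (mean(samples), pstdev(samples))
    return baseline


def find_deviations(baseline, sample, threshold=3.0):
    """Flag metrics whose value lies >= threshold stdevs from the baseline mean."""
    flagged = []
    for metric, value in sample.items():
        if metric not in baseline:
            raise KeyError(f"no baseline for metric {metric}")
        mu, sigma = baseline[metric]
        if sigma == 0:
            # A flat baseline makes any change infinitely unusual; avoid dividing by zero.
            z = 0.0 if value == mu else float("inf")
        else:
            z = (value - mu) / sigma
        if abs(z) >= threshold:
            flagged.append(Deviation(metric, value, mu, sigma, z))
    return flagged


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_HISTORY)
    for label, sample in (("normal", NORMAL_SAMPLE), ("suspect", SUSPECT_SAMPLE)):
        hits = find_deviations(baseline, sample)
        print(f"{label}: {len(hits)} deviation(s)")
        for d in hits:
            print(f"  {d.metric}={d.value} (baseline {d.baseline_mean:.1f} "
                  f"+/- {d.baseline_stdev:.1f}, z={d.z_score:+.1f})")
```

The interesting property is the one the column is getting at: a memory reading of 64% is not a finding here because the history says 64% is ordinary, while a storage reading of 98 TB is a finding even though it is lower, not higher, than usual. The predetermined response plan then decides what a deviation in each metric should trigger.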
Implement security information and event management (SIEM). As my colleague at SolarWinds and the former voice of this column put it: “SIEM solutions are a specialized log management tool that automatically detects, alerts, and responds to suspicious behavior on network devices, servers, workstations, and applications. Top-tier SIEM solutions also provide real-time, in-memory event correlation for instantaneous detection of suspicious activity, automated active responses for threat mitigation, file integrity monitoring, threat intelligence, USB monitoring to protect sensitive data, built-in correlation rules, and ‘audit proven’ report templates. Log management [also] plays a crucial role in compliance with all major commercial and government regulations, such as HIPAA, PCI DSS, SOX, ISO, FISMA, FERPA, NERC CIP, GLBA, and others.” In summary, log and event monitoring helps you to prepare for, detect, and defend against internal and external threats quickly by parsing, alerting, and reacting to a myriad of security events.
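The “real-time event correlation” in that quote is easier to picture with a worked example, so here is an added one (my code, not from the column or from any SIEM product) that parses a few constructed SSH authentication lines from two hosts and applies one correlation rule: repeated failed logins from a single source across any hosts within a short window raise a “brute force attempt” alert, and a successful login from that source while the window is still hot raises a higher-severity “brute force success” alert. The hostnames, addresses, timestamps, and the four-failures-in-five-minutes threshold are constructed assumptions.

```python
"""SIEM-style correlation over a few constructed SSH auth log lines.

Added example; the hosts, addresses, timestamps and the 4-failures-in-5-minutes
rule are constructed assumptions, not from the column or any SIEM product.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog-like lines from two servers, already centralised.
LOG_LINES = [
    "2016-11-03T02:14:05 db01 sshd[2201]: Failed password for admin from 203.0.113.45 port 50122 ssh2",
    "2016-11-03T02:14:09 db01 sshd[2203]: Failed password for admin from 203.0.113.45 port 50130 ssh2",
    "2016-11-03T02:14:20 web02 sshd[8810]: Failed password for root from 203.0.113.45 port 50141 ssh2",
    "2016-11-03T02:14:31 web02 sshd[8812]: Failed password for admin from 203.0.113.45 port 50150 ssh2",
    "2016-11-03T02:14:40 web02 CRON[8815]: (root) CMD (run-parts /etc/cron.hourly)",
    "2016-11-03T02:14:44 db01 sshd[2210]: Failed password for admin from 203.0.113.45 port 50162 ssh2",
    "2016-11-03T02:15:02 web02 sshd[8820]: Accepted password for admin from 203.0.113.45 port 50170 ssh2",
    "2016-11-03T02:16:10 web02 sshd[8830]: Failed password for jsmith from 198.51.100.7 port 41000 ssh2",
    "2016-11-03T02:16:18 web02 sshd[8831]: Accepted password for jsmith from 198.51.100.7 port 41001 ssh2",
    "2016-11-03T02:20:00 db01 sshd[2300]: Accepted publickey for backup from 192.0.2.10 port 39000 ssh2",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_line(line):
    """Return a normalised event dict, or None for lines the rule does not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def _alert(rule, src, recent, trigger):
    return {
        "rule": rule,
        "src": src,
        "failures": len(recent),
        "hosts": sorted({h for _, h in recent}),
        "user": trigger["user"],
        "at": trigger["ts"].isoformat(),
    }


def correlate(events, threshold=4, window=timedelta(minutes=5)):
    """Per source address, count failures inside a sliding window across all hosts.

    Fires 'brute_force_attempt' once the threshold is reached and
    'brute_force_success' if an Accepted follows while the window is still hot.
    """
    alerts = []
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        recent = []            # (ts, host) of failures inside the window
        attempt_fired = False
        for e in evs:
            recent = [(t, h) for t, h in recent if e["ts"] - t <= window]
            if e["result"] == "Failed":
                recent.append((e["ts"], e["host"]))
                if len(recent) >= threshold and not attempt_fired:
                    alerts.append(_alert("brute_force_attempt", src, recent, e))
                    attempt_fired = True
            elif len(recent) >= threshold:
                alerts.append(_alert("brute_force_success", src, recent, e))
    return alerts


def run(lines):
    """Parse, drop non-auth lines, correlate."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return correlate(events)


if __name__ == "__main__":
    for a in run(LOG_LINES):
        print(a)
```

Note what makes this a correlation rather than a per-host threshold: the failures are counted per source across db01 and web02 together, so an attacker spreading attempts over several servers still trips the rule, while the user who mistypes a password once and then logs in does not. The cron line is parsed out and ignored, which is the “parsing” half of the quote.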
Configuration control and management. Most technical policy controls are implemented through device configurations. Once devices are properly configured and baselined, it’s important to regularly audit configurations to ensure ongoing compliance with policies and standards. In addition, configurations should be safeguarded by being regularly archived and by following effective change controls.
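As an added example of what such a configuration audit does in practice (my code, not from the column or from any configuration management product), the block below fingerprints an archived baseline config, compares the config a device reports today against it to list what was added and removed, and checks the current config against a small policy of required and forbidden lines. The device configuration text, the policy entries, and the rule that only “!” comment lines may differ are constructed assumptions.

```python
"""Configuration baseline audit: fingerprint, drift detail and policy check.

Added example; the device config text, the policy lines and the normalisation
rules are constructed assumptions, not from the column or any real device.
"""
import hashlib

# Constructed: the archived, reviewed baseline for a switch.
BASELINE_CONFIG = """\
! archived 2016-10-01 after change CR-1042 (placeholder ticket id)
hostname core-sw01
service password-encryption
no ip http server
ip ssh version 2
logging host 10.0.0.50
line vty 0 4
 transport input ssh
"""

# Constructed: what the device reports today. Only the "!" banner should be
# allowed to differ; here HTTP has also been enabled, a default SNMP
# community added and remote logging dropped, none of it through change control.
CURRENT_CONFIG = """\
! running-config pulled 2016-11-03
hostname core-sw01
service password-encryption
ip http server
ip ssh version 2
snmp-server community public RO
line vty 0 4
 transport input ssh
"""

# Constructed policy: line prefixes that must be present / must not be present.
POLICY = {
    "required": ["service password-encryption", "ip ssh version 2", "logging host "],
    "forbidden": ["ip http server", "snmp-server community public"],
}


def normalize(config):
    """Drop blank lines, '!' comment lines and trailing whitespace; keep order."""
    lines = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue
        lines.append(line)
    return lines


def fingerprint(config):
    """Order-sensitive SHA-256 of the normalised config, suitable for the archive index."""
    return hashlib.sha256("\n".join(normalize(config)).encode()).hexdigest()


def check_policy(lines, policy):
    """Prefix-match each policy entry against the stripped config lines."""
    stripped = [ln.strip() for ln in lines]
    missing = [p for p in policy["required"] if not any(ln.startswith(p) for ln in stripped)]
    present = [ln for ln in stripped if any(ln.startswith(p) for p in policy["forbidden"])]
    return {"missing_required": missing, "forbidden_present": present}


def audit(baseline, current, policy):
    """Compare current against baseline and policy; return a structured report."""
    base_lines, cur_lines = normalize(baseline), normalize(current)
    report = {
        "baseline_sha256": fingerprint(baseline),
        "current_sha256": fingerprint(current),
        "added": sorted(set(cur_lines) - set(base_lines)),
        "removed": sorted(set(base_lines) - set(cur_lines)),
    }
    report["drifted"] = report["baseline_sha256"] != report["current_sha256"]
    report.update(check_policy(cur_lines, policy))
    return report


if __name__ == "__main__":
    r = audit(BASELINE_CONFIG, CURRENT_CONFIG, POLICY)
    print("drifted:", r["drifted"])
    for key in ("added", "removed", "missing_required", "forbidden_present"):
        print(f"{key}: {r[key]}")
```

Two design points worth noticing: the fingerprint is taken over the normalised text in its original order, so a reordering that the added/removed sets would miss still shows up as drift, and the policy check runs against the current config rather than the diff, so a device that was never compliant is reported even when it has not changed since it was archived. Any drift that does not map to an approved change request is the signal the change-control process should be raising.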
I hope these first five of my top ten underutilized or less understood data center security best practices have given you something to think about, and even better, a starting point to take action. I also hope you will stay tuned for part two in this series, which will outline the remaining five best practices. At the end of the day, the best advice on data center security anyone will ever give is: never assume you are done. There is always more that can and should be done to keep your data secure. That’s not meant to be demotivating. Just the opposite, in fact. While keeping up on security is often viewed as a burden, it can actually be quite fun and very rewarding.