CNIC Information System with Pakdata Cf In Pakistan
The Datacenter Security Continuum
1. The Datacenter security
DataCenterDynami
continuum
Martin Hingley
ITCandor
The Secure
Data Center
2. Agenda
• The security continuum
• Same ‘bad boys,’ deeper threats
• Don’t be wise after the event
• Organisation, technology, process – a balanced approach
• Conclusions – how to build better data center security
DataCenterDynami
3. Introduction
• A review of a published DataCenterDynamics research
paper
• Contributors:
– Amichai Shulman, Imperva
– Felix Martin, Richard Archdeacon, HP
– Mike Smart, Symantec
– Peter Jopling, IBM
– Warren Wu, Fortinet
• Designed as a strategic review
DataCenterDynami
4. Data center protection is part of the
security continuum
Mainframe
Mini
Client/Server
LANs
DataCenterDynami
• New trends change
the definition of the
datacenter
• The attack surface
includes the
network and
endpoints
• Virtualisation
changes everything
• Security is forgotten
in the need for
instant gratification
• Compliance is akin
security
• You can’t lock the
datacenter away
any more
Internet
Virtualisation
Cloud
Computing
Mobility
IoT
Social
1980 1990 2000 2010 2020
Low Insecurity High
Insecurity grows as technology develops
5. The Potential sources of data center
insecurity
DataCenterDynami
Internal External
Deliberate
Accidental
Disgruntled staff
Unhappy Ex-staff
Criminal Hackers
Automated Spam
Government Spies
Un-vetted Partners
Insufficient Controls
Naïve Digital Natives
Unplanned Downtime
Insecure Clouds
Network Failures
Criminal Partners
6. The data center under attack – the
different forms of hacking
SQL Injection
Physical Access
DataCenterDynami
Spear Phishing
The Secure
Data Center
Distributed Denial
Of Service
Trojan Software
Cross-Site Scripting
7. Security issues and Cloud Computing
choices
Private Cloud
(on premise)
Average
Hybrid Multi-
Tennant Cloud
(off premise)
Average
DataCenterDynami
Hybrid Private Cloud
(on/off premise)
Average
Performance Elasticity
Public Cloud
(off premise)
TCO
Security
Performance Elasticity
TCO
Security
Performance Elasticity
TCO
TCO
Security
Security
Average
Performance Elasticity
8. Don’t be wise after the event
• Security events can be a 10k issue
• Watch your competitors – take action to avoid their
lapses
• If breached, don’t just buy new software – reconsider
your attitude towards risk, security posture and
precautions
• Governments, Cloud Security Alliance, PCI can help train
you
• Telco and Finance are highly regulated and typically more
secure
• Manufacturing and IP-rich sectors are less so
• Criminals expect you to secure the datacenter in a
standard way
DataCenterDynami
9. Addressing organizations, technologies
and processes
Educate the board,
staff and contractors
Increase awareness
of Security issues
Use the best discrete
software, appliances
and services
Assess the affects
of new devices
DataCenterDynami
Organisation
The Secure
Data Center
Identify privileged
users
Make security
Technology Process
part of the
business
process
Identify high
security
apps
10. DataCenterDynami
The Secure
Data Center
Key Findings
• Datacenters are now logical – not just physical entities
• The number of users, interactions and vulnerabilities are growing
• Hackers are just part of the internal, external, deliberate and
accidental threats
• Don’t wait for a breach to make positive changes
• Highly-regulated sectors tend to do those better than others
• Address organizational, technology and process issues in your policy
• Protect your privileged users and most sensitive data deeply - find
creative ways to handle the vulnerabilities of the rest
• Look deeply for vulnerabilities
• Be creative in your precautions
• Make the data center part of the wider security continuum