NASHVILLE, Tenn. – Corporate data centers are the front line in an escalating battle between electronic attackers and defenders, and must be vigilant about defending their perimeter, cybersecurity guru Winn Schwartau told industry managers in his keynote address this morning at the Data Center World Fall 2012 conference. That’s especially true for leading cloud computing data centers, he said.
“I maintain that cloud computing is critical infrastructure, and we have not taken appropriate steps to protect it,” said Schwartau, who called out a leading cloud provider for its downtime and architecture.
Is The Cloud Resilient Enough?
“I love Amazon,” said Schwartau. “But when you sign up for EC2, you find that backup and redundancy are options, and I just think that’s insane. Backup and redundancy should not be optional for someone providing critical infrastructure.”
Schwartau was referring to Amazon’s compute-on-demand cloud computing service, which allows users to deploy virtual servers on Amazon’s data center infrastructure. A recent power outage at an Amazon data center knocked many popular web services offline, highlighting the fact that Amazon users must provision servers across more than one “availability zone” to truly take advantage of the redundancy available across company’s distributed network.
Whether or not mission-critical services should run on Amazon’s cloud (or rely on a single availability zone) is a matter of debate. But Schwartau said that many data centers are playing a more important role than they know.
Schwartau, a leading speaker and author on Internet security threats and concepts, has testified before Congress as an expert on cybersecurity, and has been a regular speaker at the DefCon security conference and in the media. In the early 1990s, he began warning of the risk posed to the United States by “information warfare.” Schwartau says that online battles are being waged by nation states, but government systems are not always the target.
Data Center Managers “Undervalued”
“The front line is now the private sector,” said Schwartau. “Suddenly, we find ourselves defending our critical infrastructure at the private level with a bunch of geeks.
“I think you guys are undervalued and underappreciated,” he told members of AFCOM, the leading association of data center managers and organizer of Data Center World. “You are an asset to national security. You are the support system for the economy of the world.”
Schwartau emphasized the need for data center managers to screen employees carefully and be vigilant about the potential for insider attacks. He also urged them to be thorough in vetting their utility and network service providers about maintaining separate pathways for redundant power and fiber routes. He related the tale of a client who paid handsomely for a second network hookup for its data center, only to find that the divergent fiber entrances went only a few blocks before meeting in a shared conduit.
Schwartau said he sees his role as that of an industry gadfly “stirring the pot” and prompting critical thinking on security issues. “I’m going to talk about stuff that will annoy you,” he said. “I’m hopefully going to take you out of your comfort zone.”
But on some topics, and old jokes, he was in familiar territory. “What is the dirtiest four-letter word you can think of?” he asked the crowd, with a number of attendees spontaneously yelling “USER!”