Liviu Arsene is a Senior E-threat Analyst for Bitdefender.
Organizations are responsible for the security of their own data in the cloud, (even when working with IaaS cloud providers) so understanding security requirements for hybrid cloud workloads is paramount. This article will help readers understand how to reliably protect cloud workloads, while promoting the benefits of agility, simplicity and flexibility enabled by the cloud. The author will address:
- The importance of visibility and manageability across diverse virtual environments to ensure security
- Steps to manage the dynamic and complex nature of hybrid data center environments --under constant change--without gaps or lapses in security
- The implications elastic cloud scale has for security, and how to prepare
In a fast-changing IT environment, companies have already started moving away from legacy hardware-centric systems and toward revolutionary technologies - such as software-defined data centers, hyperconverged infrastructures, and hybrid cloud - while keeping data protection as a prime concern.
Four in five CISOs say their data center is undergoing a major data center transformation: 67 percent already store data on hybrid clouds, 65 percent use software-defined networking, 63 percent rely on virtualization for corporate data, 57 percent have enabled software-defined storage, and 35 percent have embraced hyperconverged infrastructure, a recent Bitdefender study found.
But can security keep up with data center transformation initiatives?
Step 1: Visibility at Dusk Essential
Whether private, public or hybrid cloud, migrating to such an infrastructure comes with challenges. IT security experts and C-level executives frequently cite a lack of visibility as a top concern and regularly struggle with a lack of policies and how to handle access from unauthorized devices. It’s no secret – visibility is a vital function in safeguarding corporate assets and infrastructures, as well as in detecting breaches.
If traditional data centers were, roughly, a pile of hardware that required lots of manpower to maintain – a nightmare from an operational perspective – the transformed modern data center consists of a software-defined data center: a combination of software-defined compute (virtualization), networking (SDN), storage (SDS), and a common management layer. Think of the traditional data center as a vintage car: it’s fun to keep around because it reminds you of the good old days, but it’s a money pit in terms of spare parts, service time, and fuel consumption.
Challenges brought on by lack of visibility can be best described as walking around in a lion’s cage, blindfolded. You don’t know how many lions there are, where they are, or how close they may be. What’s more, neither do you know if you’re the only victim. Visibility is essential for understanding how and when your network has been compromised, as well as for plugging security blind spots and updating your security strategy.
Step 2: Choosing the Right Weapons
As the data center undergoes major transformation, security solutions must ensure that enterprises can extract maximum value from software defined data centers, hyper converged infrastructures, and hybrid cloud. Conventional endpoint security solutions – originally designed for hardware-defined, premise-based infrastructure – are unsuitable for the modern data center, as they are inefficient to maintain and deploy, hardware-intensive and often ineffective against advanced targeted attacks. It’s basically like posting a “No Trespassing” sign and leaving security at that. Sure, it might sound intimidating to a 10-year old, but it will definitely not stop a professional bad guy from poking around.
The modern data center demands a solution that can address both on-premise and virtual environments. When opting for a hybrid cloud solution, an organization must first perform an analysis of the type of data it handles and evaluate it based on how sensitive it is – both for the company and its clients. Critical, personal and private data related to intellectual property must be stored on premise, with access to it available only to authorized personnel.
Organizations that handle sensitive or confidential data, or data related to intellectual property, need to make sure their private cloud infrastructure remains private.
Step 3: Elastic Cloud, Scalable Security
Companies and organizations are undergoing a digital transformation that aims to leverage the major benefits of elastic cloud, revolving around automatically provisioning and de-provisioning resources in a manner that closely matches current demand. Since virtual workloads are considered volatile and perishable, securing them may become a problem if traditional security tools are deployed. Consequently, protecting them demands security capable of handling the demands of virtual infrastructures, with the ability to automatically scale and secure virtual workloads based on their role and company policies.
For instance, web servers are usually the most provisioned machines. This means that whenever new ones are provisioned, the security solution needs to automatically secure the newly spawned workload and apply standard security policies – without affecting the overall performance and stability of the infrastructure.
Conclusion
The vast majority of IT executives say data center modernization will have a favorable influence on their company, bringing both business agility and lowering IT operating expenses. However, with 2017 having already set new records in terms of magnitude of cyberattacks, CISOs should be aware that it’s only a matter of time until their organization will be breached. That's because most still lack efficient security shields, and being compliant with security requirements and using the right tools for hybrid cloud workloads proves to be vital to securing the IT infrastructure.
Opinions expressed in the article above do not necessarily reflect the opinions of Data Center Knowledge and Informa.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating.
