Data centers face a host of challenges today, ranging from cost-effective cooling solutions that can manage the heat loads emitted by the dense computing environments they house to meeting the compliance requirements surrounding the data they store and process. And that doesn’t even take into account securing that data.
After all, when it comes to security, there’s more at stake than just protecting against physical threats, such as vandalism and theft, or even natural disasters like tornadoes and floods. Given the importance of data in the modern world, data centers are, in many ways, holding the keys to the digital kingdom. As such, they are increasingly caught in the crosshairs of bad actors, be they individuals looking to profit off stolen data or nation states looking to wreak havoc.
Boon and Bane
Modern data centers started out as places for organizations to store and process the growing amounts of data they collected and used to run their operations. However, in the late 1990s, at the peak of the dot-com era, many companies discovered that they could no longer efficiently secure and manage the tremendous volumes of data they were using to power their businesses onsite. Instead, they began to migrate that data to the cloud and looked to colocation service providers as extensions of their on-prem data facilities.
As their customers’ needs grew, however, so too, did the types of services they offered. Today, managed public cloud, interconnection/connectivity, managed services, and wholesale colocation are among the most in-demand services, and many colo facilities have turned to “as-a-service” models with options that are both agile and scalable to attract companies that moving away from hyperscale platforms such as AWS and Azure.
This rapid evolution of value-added, higher-function service offerings has proven to be both a boon and a bane for data centers. For while they now have a new roster of services on offer, they must now also account for a new host of threats – threats that are continuously evolving and expanding, with no end in sight when it comes to both their volume and sophistication.
A Data Center Evolution
Whereas most cyber threats to data centers have typically come in the form of cyber-attacks designed to steal data, increasingly, data centers are falling victim to distributed denial-of-service (DDoS) attacks, which serve to disrupt operations, cause a loss of productivity, and damage brand reputations, among other things.
The reason they are falling prey to these types of attacks in part lies in the fact that more and more data centers are acting as internet service providers (ISP) in order to keep up with the compute demands of their customers.
While it’s true that data centers are adding value, they are also assuming responsibility for those new services. Consider that in the public cloud, some level of basic DDoS protection is built into the platforms. But once companies move their workloads from these platforms into the data center and colocation space, they lose that automatic protection.
Data Center Security Strategies Revisited
It’s time for data centers to rethink their security strategies. This, unfortunately, isn’t an easy task, and one made more complicated because the nature of DDoS attacks is morphing to keep pace with the accelerated evolution of data centers. Whereas there was a time when most attacks originated externally (e.g., from the internet), increasingly they’re stemming from subscriber bots, access networks, and edge clouds.
Further adding to the complexity is the scope of these attacks. It wasn’t that long ago when DDoS attacks might have impacted tens of sites. Today, however, in keeping with the pace of data center expansion – especially as satellite data centers are added for edge computing – they can now encompass hundreds of locations.
Given the sophisticated nature of today’s DDoS attacks, data centers and infrastructure providers offering internet services need strong solutions to protect themselves against attack traffic. It’s not enough to depend on on-demand legacy approaches, which can create unacceptable lags between the start of an attack and remediation, and which can be both resource-intensive and error-prone.
To counter these attacks, data centers should look for solutions offering real-time, automatic DDoS mitigation technology that provides DDoS protection at full edge bandwidth, and that are capable of scaling to tens-of-terabits per second of protected capacity. Such solutions eliminate the need to manually analyze events and reroute traffic, shrinking the detection-to-mitigation-to-protection timeline to seconds.
Ashley Stephenson is Chief Technology Officer at Corero Network Security. With a proven track record in the technology industry as an IT industry executive and internet technology entrepreneur, Ashley leads Corero’s global DDoS mitigation solution strategy.
