"Comprehensive data center security is a tricky thing to achieve. Many of the same features that make the data center so vital to business development - troves of data storage, cloud infrastructure support, highly connected networks - also increase their potential vulnerabilities. Data storage will always be highly targeted by hackers, who hope to swipe personal and company data for profit. But what defines a ""hacker"" these days really isn't really limited to a lone operative typing furiously in a basement, lit only by the dim glow of the computer screen - hackers are part of massive operations; they're attacking in many different forms; the biggest threat they could pose could be to their own company.
Data center providers and users have aggressively targeted security over the past few years and will continue to do so. A'‹ TechNavio forecast projected that the market for global data center security will rise at a compound annual growth rate of 8.23 percent between 2013 and 2018. The array of needs spurring adoption, including disaster recovery, more robust network security devices and better management, underscores the enormous task at hand. At the same time, TechNavio analysts noted that rising costs of data center security services could ""pose a challenge to the growth of the market."" The more worrying message is that they will ""pose a challenge"" to companies' ability to protect themselves.
Organizations will have to focus on spending their data center security money wisely. The nature of data center security is such that it can quickly turn into a cost sinkhole, with companies hemorrhaging cash in a never-ending game of catch-up. With that in mind, here are the three most significant threats to data center security today:
1. People
There's no way around it: People pose an ongoing risk to data center security. While automation technology has advanced considerably in recent years, humans will always be key to directly operating the data center. Enterprise employees also pose a constant threat to data integrity and network protection. A recent study conducted by Vormetric found that anxiety over insider threats runs rampant in the enterprise. Of the more than 500 IT security managers found that 50 percent are concerned about security lapses or breaches instigated by employees. Forty-four percent worry about third-party access to company networks and data, while 38 percent see IT admins and other privileged users as risks. Getting proactive and keeping the lines of communication open are imperative for companies and data center providers to secure facilities and data against insider threats, wrote PC Magazine contributor Abigail Wang.
""Protecting data at its source, like servers and databases, should be a top priority,"" Wang wrote. ""It's a good idea to monitor data access patterns, use tools to find irregularities and make encryption and access controls a default.""
Besides making encryption and access controls mandatory, companies need to focus on some common errors, like a lack of background checks and lax accountability policies, which arise from tight budgets and too little time. Security at facilities themselves must hone in on prevention tactics - stringent checks of anyone on the premises, and network monitoring tools that immediately notify relevant IT staff of anything out of the ordinary. It may also be worthwhile to approach the issue from a psychological angle, wrote Federal News Radio contributor Sean McCalley, as comprehending the reasons insider threats grow - poor crisis management skills, a lack job satisfaction, frequent complaints - can help organizations better see red flags and work on keeping data safe from human error.
2. Shadow IT
While people can contribute to shadow IT, the scope of risks it presents merits a separate category. In a nutshell, shadow IT encompasses any IT systems or tools that are built or used inside of an organization without specific administrative approval. Although the name carries a negative connotation, shadow IT is often responsible for technologically innovative prototypes or efficient workarounds. As IT becomes more expansive and central to business strategies, the potential risks have mushroomed. For example, 80 percent employees admitted they use software-as-a-service applications not approved by their companies, a Frost & Sullivan study found. Often, complex IT systems are deployed or overseen by decidedly non-tech users; this means that some of the on-premises tools a company connects to an offsite data center could fall under the purview of someone with inadequate knowledge or disrupt the systems currently in place.
One way to crack down on shadow IT, without severely impacting the user experience or effectively creating a blanket discouragement of IT innovation, is to move data center operations to the cloud. Doing so, said David Coyle, managing vice president of Gartner Research, could help give organizations the flexibility, efficiency and budgetary resources they need to develop more visibility into what IT systems they do have and holes they need to fill.
""The old ways of doing business aren't working anymore and organizations are having to respond to different pricing models, going to the internet of your brick and mortar, having more mobile applications, so we really have to respond faster as an organization to this digital economy,"" said Coyle. ""If the business is having to respond quicker, then you as an IT organization will have to respond quicker than ever before.""
3. The Internet of Things
The much-ballyhooed Internet of Things, forecasted by Gartner to grow to 26 billion units globally by 2020, will also pose numerous security challenges for data centers and the industries they support. With more devices, connections, users and unknown variables, the IoT is basically all of the physical and network security challenges for data centers rolled up into a single, difficult-to-control package. And it's still evolving.
Recent data breach and server vulnerability incidents, culminating in Heartbleed, illustrate the inherent dangers of connected devices. Malware and other cyberthreats can spread like wildfire through connected devices and machine-to-machine communications networks, many of which receive less attention from security officials and smaller budgets. But as Computerworld contributor Jaikumar Vijayan pointed out, while the IoT may pose heightened security concerns, they aren't fundamentally different from the threats that have always been present where connected IT systems intersect.
""The challenge for IT is less about technology and more about getting ahead of the security curve,"" Vijayan wrote. ""Many of the technology controls needed to secure a highly connected world already exist. What CISOs and other IT managers need to focus on are policy and process - specifically, developing secure deployment practices and polices and putting in place architectural foundations for accommodating new IP-enabled devices.""
For data center providers and the companies that invest in their services, safeguarding the Internet of Things requires hyper-vigilance and attention to even the most minimal of outliers. It may make sense for organizations to increasingly outsource services like disaster recovery and network protection to providers highly trained in these specific areas. The IoT puts many variables in play, so businesses may be better off looking for a security constant to stay above the fray.
Looking Toward the Future
Data center security will play a fundamental role in enterprise's capacity to protect themselves and their business models. As virtualization, the everything-as-a-service economy and tightening industry compliance measures increase the need for accountability and granular management, it will be up to companies and data center providers to forge mutually beneficial safeguard arrangements that shield all parties from the coming storms."
