Industry Perspective: What are some of the main security concerns for data center managers today?
Rainer Enders: The evolution of modern data centers, while beneficial for many reasons, is exposing serious security pain points along the way. For one, as data centers grow in size to keep up with enterprise computing needs, it becomes increasingly difficult for IT managers to adequately protect all corporate assets, which include everything from data and documentation to software and supplies. As capacity expands, data center managers are finding it harder to maintain critical IT compliance and security measures, such as managing and de-provisioning privileged user access, and running compliance reports that are growing in both depth and volume. Additionally, with the rising popularity of virtualized and cloud environments, data center managers are tasked with baking security into all compute, network, storage and hypervisor layers. This is a considerably difficult task, in light of the numerous emerging attack vectors that constantly increase in sophistication, such as ever-morphing advanced persistent threats (APTs) that are compromising critical corporate information.
IP: What specific security challenges arise as companies outsource to the cloud and rely on remote services with increasing frequency?
RE: The most critical security challenges that arise in cloud deployments are compromises to remote access connections—in the form of session-hijacking attacks, for example—and compromises of cloud-hosted resources, such as virtual machines, from within the hosted provider network. Insufficient security architectures and controls in operator networks can cause great harm. A major compromise can not only lead to a significant loss of critical data, but it can also infiltrate systems and serve as a platform for attacks against other systems or networks.
IP: What is the role of VPNs in enabling secure communication and service provisioning over the Internet?
RE: A virtual private network (VPN) not only secures all data transfers in an encrypted tunnel, but it also seals the communication as early as Internet dial-up, which is the most frequent vector for cyber-attacks. The optimal VPN solution offers the greatest possible flexibility, including support for IPsec and SSL, as well as seamless roaming capabilities between various communication media, such as LAN and Wi-Fi. It also enables IT administrators to centrally manage all clients, users and other relevant components of the VPN infrastructure. Remote services to critical infrastructure must be properly protected by means of the strongest secure remote-access technology such as IPSec VPN. It is no coincidence that IPSec is an integral component to IPv6, the next emerging Internet Protocol.
IPsec VPN clients, in particular, provide transparent Layer 3 remote access and offer high-level security in the form of strong authentication and authorization. Furthermore, they allow information-security professionals to tie in additional security functions, preventing malicious external attacks. Other potential security functions include hot-spot logon, managed endpoint dynamic firewalls and endpoint-protection policies. Lastly, IT managers should integrate VPNs into existing identity-management platforms and processes, including full automation of user provisioning, delivering high-end security, operational efficiency and cost effectiveness.
Stay tuned for Part Two of this Q&A next week.