Data Center Security Management—Three Simple Ways to Improve Security

This summer, the Federal Data Center Consolidation Initiative (FDCCI) ran into a problem with the Government Accountability Office. The FDCCI’s mission is to consolidate the number of governmental data centers to reduce infrastructure and operational costs, as well as to reduce the overall real estate and energy footprint caused by an excess of these facilities. It turns out that the FDCCI’s original initiative from December 2011 listed 3,133 total federal data centers to be consolidated.

However, during a recent joint House-Senate briefing, this number more than doubled to include more than 7,000 data centers.

What’s the explanation for this dramatic increase? A spokesperson for the Office of Management and Budget (OMB) has attributed the elevated count of federal data centers to a definitional change. OMB has expanded the definition of a data center to include centers of “all shapes and sizes”, including smaller server setups.

These definitional changes are happening within the business sector as well as the federal government. Compliance and auditors are constantly concerned about identifying all of the systems where assets are at stake. This becomes tricky when intellectual property may reside in traditional centralized data centers, smaller data center closets, and of course, cloud-based infrastructure. Fortunately, there are three simple steps you can take to improve upon the increasingly complex issue of data center security.

Step 1: Identify the systems and assess their security levels

McAfee recently released a new version of McAfee Data Center Suite for Servers that provides the ability to discover and connect with all systems located within a VMware vSphere environment and also an Amazon AWS Elastic Compute Cloud. In addition, a centralized data center dashboard captures and creates an inventory of the servers across physical, virtual, and cloud environments. This new dashboard is the first step in being able to improve security management for all types of data centers. Through McAfee ePolicy Orchestrator® (McAfee ePO™) software, the security posture can be assessed for these systems and— if warranted—a task can be initiated to add security controls.

IT needs to support business priorities. This includes the rather new territory of supporting line-of-business managers who have bought or sponsored development of their own applications. Unfortunately, many of these applications that weren’t originally sanctioned by IT may have vulnerabilities, or pose risk to the business if left unverified.

Step 2: Application inventory and reputation assessment

One of the tasks McAfee ePO software initiates for data center servers is to configure Application Control into update or observation mode. This function serves to capture the existing applications on the systems, alert to new applications being installed, and check with McAfee Global Threat Intelligence on the reputation of the applications. IT can now assess business applications dynamically as they are identified and actively used for the business, either in the internal data center or in a cloud platform.

Once a project is initiated and up and running, whether done by a line-of-business manager or by IT directly, the ongoing security management is a concern. In the elastic data center, there are three types of change you should be monitoring:

  • Change of the underlying host
  • Change of the virtual machine parameters
  • Change of the operating system and applications running within the virtual machine

Step 3: Attestation and monitoring change

McAfee Datacenter Suite for Server can now discern which hosts have Intel Trusted Execution Technology and can report on the boot attestation of the virtual machines it identifies. This gives an added layer of security confidence to host integrity. Through the McAfee Security Innovation Alliance partner HyTrust, information can also be integrated into McAfee ePO software. This software will act to notify of changes made by a privileged vSphere account that would affect the security and parameter settings of virtual machines. With McAfee Change Control, detailed file integrity monitoring within the operating system and applications running within the virtual machine can also be closely watched.

There you have it— Three ways to improve security using three types of computing: Private data center, elastic cloud computing, and even the smallest data center closets. Visit the McAfee Data Center Security solutions page to learn more about how McAfee continues to secure the evolving data center. And follow @McAfeeBusiness and me on Twitter to stay up to date on the latest in the arena of data security.

 -Kim Singletary


Leave a Comment

nine + nine =