Last week, we hosted our monthly Twitter #SecChat on data center security, focusing on questions of physical and virtual security in the face of a modern environment that is going through rapid transformation. While the industry is being driven by trends in virtualization, cloud computing and more, data centers are now not only called upon to store mission-critical data, but to also deliver the benefits of cost reduction and simplified management associated with virtualization.
We kicked off the conversation by asking about the top security challenges participants have faced in their data centers. For @jtyrus, the answer was balancing application availability and performance with security needs, while @sam0910’s top challenges were total data protection, and protection of ever-increasing back-ups.
Next, we went on to discuss the point at which security becomes a consideration in projects and initiatives in the data center, and @BrandenWilliams made the point that all too often, security is bolted on as an afterthought, rather than built in from the get-go. @sam0910 and @jsokoly seconded this, saying that security should be considered at design, but unfortunately, is almost always thrown in at the end of a project. I added that this is exactly why we need an integrated, holistic solution across the data center. @wireheadlance and @armorguy also chimed in, noting that this lack of consideration for security is a challenge we’ll face for years to come, and is especially true when it comes to apps.
From there, our participants went on to discuss the topic of both virtual and physical security challenges in the modern data center – the importance of managing security personnel and properly investing in an effective physical security infrastructure. @mckeay noted that we have a long history with physical security, and thousands of mistakes to learn from in this area. Still, contributor @phyllisgardner made the point that companies seem to be taking security much more seriously than they were just 5 years ago – or, according to @jtyrus, even 1 year ago. @BrandenWilliams agreed, but noted that while companies are taking security more seriously, the bad guys have become more serious as well. Hacking is a much bigger business now, with larger organizations of professional bad guys, not to mention legions of malicious amateur hackers.
And while some companies have indeed upped the ante when it comes to both physical and virtual security practices, @mckeay made the point that most are getting distracted when it comes to implementation. @sam0910 agreed, saying that just being “serious” about security doesn’t help – companies need to be proactive and open to new ideas if they are to meet the challenges of securing their data center. @armorguy sees this tendency to distraction as a challenge – we need to make businesses understand that information security is a value-add, not just a cost. Orgs need to realize that security breaches are in fact preventable to a certain degree, so long as they take the proper steps forward.
And if the companies are taking steps forward, @ShawnHooper brought up a key point – how important it is that orgs are going about security in the right way. To go along with this, @armorguy noted how types of security – virtual vs. physical – are often valued differently in different industries. In certain spaces, like healthcare, information security carries much more importance, while in others, like commercial airlines, physical security is the biggest concern. Nevertheless, no matter the industry, @jack_daniel argued that physical security often moves to the forefront of people’s minds – the focus is on having a strong defense on the perimeter, even while the inside is weak. Companies need to be able to truly understand where their priorities lie, and realize that even when a data center is virtual, the data itself is real – and just as (if not more) in need of protection.
To wrap up, @danielkennedy74 posted a rather amusing piece of advice on the topic of physical security – making sure to install proper mantraps:
(OK – so, perhaps not this type of mantrap)
Until next time, thanks to everyone who participated in our October #SecChat, and stay tuned here on the blog and on Twitter at @IntelSec_Biz for our November #SecChat topic. To learn more about what McAfee is doing to optimize security in the next-generation data center, you can also visit our Data Center Solutions page.