IT Focus Area: infrastructure operations
June 12, 2016
5 Keys to Managing Risks in a Hybrid Data Center Model
Editor's Note: Sirius and Forsythe are now one company. Sirius acquired Forsythe in October 2017 and we are pleased to share their exceptional thought leadership with you.
Your data center will soon be busier than Grand Central Station.
Data center traffic is expected to triple over the next five years. According to the Cisco Global Cloud Index, 76% of this traffic will come from the cloud by 2018. This is an increase of 22% from 2013.
IT organizations are flocking to cloud services for increased agility, productivity and cost savings. However, storing information outside of your data center presents a number of security risks.
How can you handle this rush of cloud traffic while you scale your data center quickly, securely and cost effectively?
The hybrid data center: your path to the cloud
The hybrid data center offers enterprise IT organizations a path to the cloud without being all in. This reduces both your costs and your risks.
With a hybrid data center, your IT workloads can live in the following areas:
1. Traditional enterprise IT or legacy systems
2. On-premises private clouds
3. Third-party off-premises infrastructures
A hybrid data center offers flexibility, so you can quickly adapt to changes in your market and meet customer needs.
Why breaches happen in hybrid data centers
While a hybrid data center can reduce your security risks, it won’t make you immune to threats.
The root cause of many breaches is a failure with IT operations. Not a security failure.
According to Symantec, 67% of breaches were aided by “significant errors” from “well-meaning insiders”. These errors include unprotected servers, unencrypted emails and lost or stolen mobile devices. A major cause of IT operations failures is missing or insufficient processes. If your environments aren’t proactively managed, they will be prone to errors or omissions that elevate risk.
Many IT organizations are understaffed. Overworked IT professionals wear many hats – especially a fire helmet. This makes it challenging for them to stay on top of security best practices. For example, someone in IT may see a problem with an application. However, IT organizations may not have the resources to fix it right away. Then, a hacker may find the vulnerability and break into a network.
Data center security is typically handled after a migration. However, this wait-and-see approach won’t work with a hybrid data center. While a reactive approach may have worked with the data centers of the past, it’s no longer enough. Failing to proactively address security during the planning phase compromises the hybrid data center’s primary intent — robust and uninterrupted service delivery.
In addition, IT silos can threaten your security when you move to a hybrid data center. Does your IT organization have the maturity, resources and processes to manage a migration? If no one takes ownership of the project and you don’t have the right governance, you’ll put yourself at risk during the migration.
5 keys to securing the hybrid data center
Your data and applications are your crown jewels. Everything you do should support their availability, integrity and security.
Here’s how to formalize your security program, so you can protect your organization and minimize your risks:
1. Think about your risk management program holistically
For companies, the damage associated with security breaches and advanced persistent threats can be devastating. IT security impacts every aspect of a business, so a successful attack can dramatically impact your financial performance, brand reputation and customer loyalty.
Companies should shift their focus from breach prevention towards detection and response. It’s key to conduct a vulnerability assessment and understand how your mission-critical business services will be impacted by a breach. It’s also important to establish an incident response program, so you can quickly respond to a security incident.
2. Gain visibility into your environment
You can’t protect an application if you don’t know it’s there. Many IT organizations put all of their applications in one basket. While this allows you to more easily manage and expand your environment quickly, it also makes it easy to lose sight of what you have. Before you move to a hybrid data center model, it’s critical to understand where your workloads sit and how your applications interact with one another.
Map your applications, data flows and interdependencies. Although mapping all your applications is a daunting project, doing it thoroughly now will protect you in the future. If you only map a portion of your applications, you’ll put yourself at risk.
3. Standardize your security controls
Since a hybrid data center includes a mix of legacy and cloud infrastructure, you might need to take a few extra steps to secure the business. Start by carrying your legacy security into your data center’s other architecture. For example, if you want to build a firewall, you can use this as an opportunity to change your mindset by leveraging the technology in a cloud or virtual environment. The key is to reduce the diversity of technologies in your environment and standardize your security processes.
4. Find out who's accessing your data center
Complexities around administrative access become magnified in a hybrid data center, as you have a variety of roles touching your data. Understanding the relationships that exist between people and applications is paramount. As the user landscape has evolved to now include employees, third-party business partners, subcontractors, and potentially even customers, it’s critical to have a firm handle on the identity of the user base and to understand the normal behavior associated with the way they access and use your applications.
5. Change your governance model
IT organizations usually don’t have the right guidelines and processes to manage a hybrid data center. Before you migrate, update your approach to corporate governance to reflect a hybrid model. For example, address IT security for both internal and third-party applications. Ensure that your risk assessments for third-party applications are consistent.
You may also want to enable your IT services through process automation and change management. This will allow you to standardize your processes, identify common issues and improve your IT service delivery in a methodical and results-driven manner.
You may also want to understand how your IT operations management and disaster recovery are linked. The more mature an IT operations team is, the faster an IT organization can recover from a disaster.
What’s the future of data center security?
The convergence of security controls and IT management is a growing trend. For example:
How do you operationalize all of these tools and maintain your visibility while doing so?
How do you produce information for audits?
How can you do this without impacting your day-to-day operations?
Another trend impacting the hybrid data center is business continuity and disaster recovery in the cloud. External cloud services can give you additional protection during an outage at your corporate data center, since your data is stored in a different location.
However, you can’t rush the process of moving your data to a cloud provider. You must first understand your business needs and risks. You’ll also need a solid strategy for providing operational resiliency to make it work. Operational resiliency moves beyond IT recovery to make the entire business more resilient.