Securing today's data centre




White paper

The intelligent use of data is core to achieving business success. There is, therefore, an indisputable need to safeguard the data centre, where most data in its various forms is processed and transited. This can be an onerous responsibility, and increasingly so with the continual evolution of business models and new technology, the proliferation of threats, and increased pressure around compliance.

Traditional data centre approaches that worked before have no place in this new scheme of things. We need to use new technologies like virtualisation and cloud solutions, and establish the right ecosystem of controls, processes and policies. When properly crafted and applied to form a cohesive whole, and guided by a well thought-out information governance framework with a matching architecture, these approaches can offer robust protection for the modern data centre.

Contents

Executive Summary
Data centre imperatives
Information governance framework
Security architecture
Layering

In this paper, Dimension Data provides insight on how to deal with this new challenge and lays out an approach for establishing a secure ecosystem of controls in the modern data centre.

Data centre imperatives

Digital information is the lifeblood of every modern organisation. Used properly, it can be transformed into knowledge for guiding strategy, making key business decisions and managing day-to-day operations. For data to be used in these ways, it has to be untainted, kept safe, and made available. This means that the data centre, the heart through which almost all data flows, has to be kept healthy and secure.

The data centre today is vastly different from what it was, say, a decade ago. Firstly, the data centre has undergone a huge transformation. While the traditional "big iron" data centre was tasked with providing raw computing power, the new-generation data centre acts as a fast, agile and service-oriented provider of IT utility. Furthermore, while the traditional data centre served mostly internal users, the new-generation one caters to a broader constituency comprising increasingly mobile employees, customers, suppliers, and business partners across the globe. This makes the responsibility of securing the data centre even more onerous.

Many enterprises have consolidated their data centres in order to mitigate IT and process complexity, increase resource utilisation and efficiency, improve performance, and raise service levels and consistency, all while trimming costs. Such consolidation centralises information in a smaller number of locations. While this makes the responsibility for keeping information secure more exacting, as it should, it also gives organisations the opportunity to address it in a proper manner, with the outcome being a sturdier overall IT posture.

New technologies, too, have an impact in today's data centres. While virtualisation and cloud technologies help reduce costs, boost efficiencies, and speed up business operations, they also introduce new risks.
For example, in a virtualised environment it can be difficult to separate or gain visibility into communication between virtual machines on the same host, or locate all critical servers to check if they have been properly patched and configured. The use of cloud offerings brings challenges around data sovereignty, and dependencies on service level agreements (SLAs) and controls outside of the company.

In addition, the threat landscape is increasingly ominous. Hackers have evolved from hobbyists out to cause mischief, to professional criminals and for-hire outfits engaged by states and corporations eyeing sensitive information and commercial secrets. Hackers deploy very targeted attacks and have more advanced means than ever before.

Figure 1: The total secure data centre domain

Information governance framework

While most organisations understand the importance of keeping data secure, security and compliance remain one of the most challenging disciplines to comprehend, implement and maintain. Security in a data centre is a very broad domain that requires an understanding of complex challenges. Without a proper information governance framework, many businesses are simply unaware of their risk exposure and could be vulnerable to operational, financial and reputational damage.

Information governance ensures that information strategies support business objectives, manage risks appropriately, use organisational resources responsibly, and are consistent with applicable laws and regulations. For it to be effective, information governance needs to be real time and an integral subset of the overall corporate governance model. Board-level sponsorship is thus vital, as this facilitates the assignment of roles, the division of responsibilities, and the allocation of ownership. Top IT management, of course, must be included in the organisational sub-structure holding the mandate.
Effective governance requires a framework to guide the development and maintenance of a comprehensive information architecture. This framework generally consists of:

- an information risk methodology
- a strategy explicitly linked with business and IT objectives
- an organisational structure
- an assessment strategy that evaluates the value of information that is protected and delivered
- policies that address each aspect of strategy, control and regulation
- standards for each control
- monitoring processes to ensure compliance and provide feedback
- continual evaluation and updating of policies, standards, procedures and risks

Once the information governance framework has been constructed, it can be used as the basis for developing a security architecture that supports the organisation's objectives.

Security architecture

Security architecture should link business and IT objectives, limit the impact of adverse events, and provide the right information for compliance requirements. In addition, it should strike a balance between optimal technical controls and operational expenses, as well as take into account the existing IT infrastructure and deployment models.

The development of such an architecture is a multi-phase endeavour. The first step is to gain an understanding of the organisation's business strategy for, say, the next three years. What the organisation aims to do or become has an influence on the architecture. For example, if the plan is to expand the business geographically or make additions to the application deployment model, this will impact not just the IT architecture in the data centre but also its.

The current state of the data centre is then determined. The best way to do this is to gather and analyse information on the network and devices to identify vulnerabilities related to the internetwork operating system, and network and device configuration. Such vulnerability assessments are usually conducted manually by specialists, either from within the organisation or from a third party that can provide the proverbial extra pair of hands and eyes. This assessment should include penetration tests, and internal and external audits of policy and controls compliance. A similar assessment of the infrastructure then follows, covering the network, systems, end points, applications, and compliance, policies and rules.

The evaluation of the current state of the data centre and of the infrastructure will reveal areas where the effectiveness of measures can be improved. These gaps need to be filled using the necessary solutions and technologies, and changes to the existing IT infrastructure and deployment models may be required.
Using the improved architecture as a base, the business can then map out the actions and projects that will eventually align its business strategy with its IT master plan.

Technology: layering controls

As previously mentioned, organisations can no longer depend on traditional approaches to secure their data centres. Other than physical protection, these approaches focus mostly on protection at the network perimeter. This method has one major flaw: once the network has been breached, intruders have relatively easy access to systems and data within the network. Network perimeter defences also fail to counter threats from internal sources.

To defend corporate systems and data assets in today's data centres, organisations need a strategy that encompasses all the components of their IT environment, from the network to the perimeter, data, applications, servers and end points, thus minimising and managing all the weak points and vulnerabilities that expose the organisation to risk.

Figure 2: Layered defence (labels: Data centre, Physical, Field level, Application, Access level, Network, Encryption)

Obviously no single technology can protect against all threats. Multiple technologies have to be deployed. These technologies are most effective when applied as layers. This way, should one defensive layer be breached, the other layers continue to provide. A multi-layered strategy for today's data centre should include elements for protecting the infrastructure (corporate network, servers and end points) and applications, with an additional layer comprising operations.

Infrastructure protection

A layered strategy for the data centre starts at the first line of defence: the network layer. Almost all physical devices in today's business environment have an IP address and are connected to a network. Most attacks happen at the network level, and those that do turn into breaches eventually touch the network at some point. A cohesive network strategy should incorporate several distinct technologies that together protect the entire network fabric, making it resilient. These technologies include those for traffic monitoring and access control, intrusion prevention (including wireless), zero-day attack prevention, Web gateways, and end-point protection.

At the server level, protective technologies include those for malware protection, host intrusion prevention, and data loss prevention. Complementing these are application control software for blocking unauthorised applications and code on servers and other assets, and for whitelisting users who are authorised to make configuration and other changes. As with all software, it's very important that these be updated with the latest patches. Default user accounts created during a server installation must be deleted. Unused modules and application extensions, and unnecessary services, also need to be removed so as to minimise the number of open ports. Servers containing sensitive data should be further shielded by being isolated in dedicated, secure segments of the corporate network, with access to these segments controlled via tiered firewalls.

As for end points, many of today's workers access the intranet from outside the office environment, sometimes through their own personal handheld devices. Together with the proliferation of portable media, this increases the risk of infection. To minimise this risk, end points can be secured using solutions for malware protection, access control and identity verification.
Application layer

Many organisations use a mix of open-source, internally developed and commercially available applications. Some of these may not have been written to strict secure code guidelines or may not have been secured on a life cycle basis, making them vulnerable. The need to keep applications secure has become more critical as more organisations transact and engage customers, partners and even regulators over the internet and are expected to keep the related data safe. Having a dedicated web server for internet-facing applications and storing the data in a protected data warehouse can help ensure this.

To ensure that only authorised users are allowed to access and use applications, organisations should have, at the minimum, identity and single sign-on technologies. Complementary solutions include encryption software and gateways for applications such as email.

Security operations and

For a security architecture and technologies to be effective, they need to be supported by the people who operate and manage these tools. Security operations encompass risk and vulnerability assessment, incident management and remediation, change management, event monitoring, forensic investigation of attempts and intrusions, and asset and configuration management. When reinforced by the right policies, procedures and processes, and managed in a cohesive and co-ordinated manner, these services can give the organisation a full view of its current risk, enabling it to make informed decisions about both its immediate priorities and future plans to improve and manage risk.

However, more often than not, such a big picture of operations is lacking in today's organisations. The reasons for this include a lack of IT staff with the requisite skills, disproportionate attention paid to operational tasks such as patch management and firewall rule changes, having too many diverse technologies to manage, and being fixated by technology but not its operational. Another reason is not having the tools necessary for providing the services.

Together, these three layers provide a protective shield for the data centre, keeping the information belonging to the organisation, its employees, its customers and its business partners confidential, uncorrupted and available.

Conclusion

The way businesses use data will contribute to their success in the marketplace. The consequent responsibility to secure the data centre can be burdensome, but this burden can be lightened through the use of the correct technologies within a sound ecosystem. Elegantly deployed and crafted, and guided by a considered information governance framework and matching architecture, these technologies and ecosystem can shield the modern data centre from threats.

Dimension Data is a global systems integrator that helps clients to create, integrate and manage their infrastructure in a way that supports their business goals.
We offer a broad portfolio of services coupled with proven technologies from a select group of innovative partners including Blue Coat, Check Point, Cisco, F5, McAfee and AirWatch. Our professionals are recognised for their depth of expertise and passionate client delivery. They're globally connected to bring you the best solutions for your needs, delivered anywhere in the world.

CS / DDMS-1432 / 11/13 Copyright Dimension Data 2013
