By Ian Porteous, Regional Director, Security Engineering, UK&I at Check Point Software Technologies.
Against the backdrop of the rise of the remote workforce and the growing prevalence of sophisticated attacks such as ransomware, zero-day malware and supply chain attacks, CISOs have been forced to rethink their security architecture. Today, needing distributed applications to support their business and security requirements, organisations are leveraging hybrid data centres and security architectures.
A hybrid data centre combines on-premise and cloud-based infrastructure with orchestration that allows data and applications to be shared between them over the network, enabling organisations to experience the capabilities and benefits of both. Hybrid data centres span public and private clouds and on-premise environments, and organisations that have adopted this approach need to ensure cybersecurity resilience, security visibility and ease of security management across the entire architecture.
No longer just the data centre, but also the cloud
Ultimately, the differing natures of the on-premise data centre and the cloud mean that organisations need to ensure security and operational parity across the entire architecture. When organisations have their own data centre architecture, it has been developed over a long period of time, and the security controls they have in place are mature and work very well. However, when they move into the public cloud, teams need to be aware of the shared responsibility model when it comes to securing assets. While cloud providers may provide some degree of security and have performance agreements offering some shared culpability, at the end of the day organisations are still responsible for the data and cannot be absolved of legal or other ramifications in the event of a cybersecurity incident.
Migrating services very quickly to the cloud can also create a less resilient environment because of the specific security requirements of the cloud. Even a minute change made by the provider or the organisation can affect its security posture. For example, when a business creates a database server instance in the cloud that has direct access to the Internet, this puts the data at risk of exposure. Cloud security posture management is key, and having visibility into where the data resides and into the traffic crossing the cloud environment is important.
Effectively securing the hybrid data centre
So what should organisations consider when looking at solutions to secure their hybrid data centre? Here are six factors to take into consideration:
- Security for hybrid data centres must be unified and offer a single interface for monitoring and managing the security of multi-cloud and on-premise assets.
- As organisations adopt DevOps, they need security that can keep pace. This requires support for automation, including integration with CI/CD pipelines, programmatic management, automated incident response workflows, and dynamic updates that eliminate the need for humans in the loop.
- Hybrid data centres are complex ecosystems, requiring deep and granular visibility and security management. Securing these environments requires the ability to perform in-depth traffic inspection, including tailored threat intelligence; content, code and image analysis; and monitoring of user and app interactions, configuration changes and other account activity.
- Cloud environments provide access to dynamic and flexible infrastructure. Securing hybrid data centres requires solutions that can grow with the needs of the business.
- Data centres offer high availability and redundancy to support business functions. Security must provide the same guarantees to minimise disruption to operations.
- Hybrid data centre security solutions should ingest data from across the entire environment and use it to develop adaptive and context-aware security policies that ensure consistent security across the board. These policies should adapt dynamically to reflect changing configurations of the data centre's infrastructure, minimising the need for manual change controls where possible.
The modern data centre and network require the flexibility of a hybrid cloud security architecture that uses automation and artificial intelligence (AI) to scale threat prevention performance on demand, both on-premise and in the cloud, with a simplified and unified management system. Organisations should adopt a security framework that encapsulates as many security layers as possible, to reduce the attack or intrusion surface available to threat actors and to enable effective resilience actions whenever security policies are breached.