Defending modern data centers

• Security is frequently being put on the backburner while the entire operation continues to upscale
• Companies need to make security an integral part of organizational governance and culture

IT is no secret that enterprise data centers are in a state of transformation – they always are. Today, the virtualization and cloud mega trend is forcing profound shifts within data centers, affecting everything from IT services and business models to architectures.
 
There is a constant need to scale data center operations to meet the seemingly insatiable demand for connection and throughput speeds, as well as the number of concurrent sessions.
 
In fact, these performance demands are expected to increase by as much as 30 times over the next few years. Adding to the dramatic changes, over half of all workloads are expected to be virtualized by next year; and the fact that employees currently use an average of more than three mobile devices to access enterprise networks.
 
If addressed properly, these trends offer business benefits such as reduced capital investments, new revenue growth and the greater efficiency, agility and scalability demanded by globalization.
 
All of these trends are fundamentally changing data center operations today. While the obvious impact of these changes is the need for performance scalability to meet the increasing demands, they also inherently change how data centers are secured. It is this second impact that is often overlooked.
 
Often an afterthought
 
While security is certainly important to data center administrators, it is not their only concern. Often, their primary focus is maintaining business-IT alignment and avoiding chokepoints that can degrade performance and jeopardize their service level agreements.
 
As a result, security is frequently being put on the backburner while the entire operation continues to upscale. Most security products are bolted on as an afterthought, so they are not as effective in meeting the robust and dynamically changing needs of enterprise data centers.
 
This opens the door to the perfect storm for a major security breach, especially with the increasingly sophisticated targeted attacks and security threats.
 
To illustrate today’s threat landscape, the Verizon Security Threat Report 2011 showed that 3.8 million records were stolen worldwide in 2010. And 94% of this data came from servers – an increase of 18% from the previous year.
 
Closer to home, statistics from Cybersecurity Malaysia indicated an 88% increase in cyber-security incidents reported from 2010 to 2011 in Malaysia.
 
For enterprises to confidently seize the business benefits offered by data center virtualization and the cloud, organisations must address these security concerns. They need to include security in their overall data center and cloud computing planning process from day one and make it an integral part of organizational governance and culture.
 
In fact, the best security solutions are not tacked on to the data center – they are integrated with the network to help safely grow the business. Whether it is about dealing with virtualized environments or increasing numbers of personal devices, an integrated approach is the best way to keep the business data secure.
 
When deciding when and what to virtualize and move to the cloud, it is important to assess the IT plans through a business lens by reviewing objectives, processes, and applications. These business objectives should be balanced with risk factors, architectural requirements and limitations.
 
Organizations should then plan on strategically building security into the virtual and cloud architecture so that it is both agile and robust. Once a virtual and cloud security solution has been implemented, accountability and improvement processes are critical to keep up with changing threats and evolving technologies.
 
Security shall no longer be a hindrance

For many years, enterprises have held back from making the transition to virtual and cloud environments primarily because of the inherent security risks and concerns. This should not be the case, especially as Malaysia is on its journey to become a world-class data center hub.
 
It is time to rethink how security fits in to these new architectures and lead the way in data center virtualization and cloud model transition.
 
At the end of the day, security must be seen as the art of the possible, not as a hindrance. The security approach is imperative to help organizations migrate to cloud and a more flexible device-agnostic corporate culture.

Yuri Wahab is Cisco’s managing director for Malaysia