Speak with a Data Center Expert
The new ‘oil’ of our generation is data. This data isn’t benign, it’s extremely valuable, and it’s also a big target. However, to support growing data, application, and digital requirements, leaders in the tech and business space are turning to cloud for improved scalability, performance and user experience. Today, organizations are deploying more cloud platforms to support an ever-growing distributed user-base.
Let’s start here – Over the past few years, there have been more DDoS attacks against more IT infrastructures all over the world. These attacks have evolved from simple, volumetric attacks to something much more sophisticated. Basically, these attacks are downright vicious against our networks.
Now, attackers are using application-layer and HTTP attacks against certain targets within an organization. Consider this, DDoS attacks are larger than ever before. Arbor Networks 13th annual Worldwide Infrastructure Security Report illustrates this point very clearly:
- The largest attack reported by a service provider was 600 Gbps. Ten years ago, the largest attack was 8 Gbps.
- Complex, multi-vector attacks are experienced by 59 percent of service providers.
- Demand for managed DDoS mitigation services is strong across the board. The top five verticals requesting managed services are financial, government, cloud/hosting, e-commerce and education.
Remember, service providers aren’t the only target. Even though Arbor reported that the largest attack against a service provider was 600 Gbps; some enterprises aren’t as lucky when they become direct targets. Just about a year ago, in 2018, 1.35 terabits per second of traffic hit the developer platform GitHub. All at once. This was the most powerful distributed denial of service attack ever recorded to date.
It’s important to point out that it’s not just DDoS. Although you should be working with a partner that can mitigate a DDoS attack, cloud security goes beyond link saturation and denial of services. You also need to worry about the physical aspect of securing your cloud and ensuring data security.
SAFELY SECURING YOUR CRITICAL APPLICATIONS
CLOUD & VM-LEVEL SECURITY
This is far beyond traditional antivirus solutions and even firewalls. To keep up with advanced persistent threats (APTs), you’ll need to look for security solutions that actually integrate into the hypervisor and with your cloud solution. Here’s the other cool part, many of these next-generation security options can actually improve the performance of your cloud and applications. For example, in many cases, you wouldn’t even need to deploy a client at the VM-level. So, you don’t have to sacrifice performance for security. These types of solutions are specifically designed to help you secure data points, improve user experiences, and mitigate emerging risks.
Other tools allow you to inject solutions like software-defined network (SDN) and network functions virtualization (NFV) right into your cloud ecosystem. These tools help you segment networks, insert virtual network security monitors, and incorporate significantly better reporting and alerting tools. This is where you start to get into the proactive nature of cloud security. That is, these solutions can actually scan for malicious behavior and adjust your network accordingly.
This holds true for DDoS attacks and link saturation. It’s important to note that DDoS attacks have only become more ferocious as they target more systems and grow in size. Working with a good cloud and data center partner means having additional bandwidth should an attack occur. From there, incorporating good security tools deep into your application and virtualization layer will help secure core data points.
CLOUD MEANS MULTI-TENANCY, SERVICES, USER EXPERIENCES & MANAGEMENT
When you look at network data, how information flows through your ecosystem, and where it might leave your cloud, you can control data delivery as well as quality of service (QoS) based on the classification of the workload. This basically means you have the ability to classify data and even applications. Furthermore, you’re able to see how that data interacts with users, cloud resources, and distributed locations. The most important piece to remember here is that there is no one security solution that’ll solve all of your IT and business requirements. Rather, a security solution is much more of an architectural approach and can be truly contextual. To create truly powerful cloud security designs, you’ll need to understand your users, how they interact with data and applications, and how various use cases will impact your security strategy. And, when you define your business and technology use cases, the security architecture becomes clearer and easier to define.
Need to isolate your data for data locality purposes? Work with a partner and system that can support this initiative and help geofence entire data sets and applications. Or, maybe you’re working with governance, risk, and compliance. In this case, it’s absolutely critical to leverage solutions that can help you stay compliant while still delivering a powerful solution. Challenge your partners and be sure to ask good questions to ensure both security and positive user experiences.
ENFORCING COMPLIANCE & SECURITY FOR YOUR CLOUD
For example, if you’re a healthcare organization and you want to leverage cloud, you’re in luck. Updates to HIPAA now allow for cloud and data center partners to work with and process protected healthcare information (PHI) and other potentially sensitive data points. However, that same partner needs to have signed a business associate agreement (BAA) to process PHI as well as other types of data. Again, it’s completely possible to work with cloud even if you’re in an industry where compliance can be a challenge.
Here’s another example. Others in the online or retail space have created powerful e-commerce gateway platforms for PCI-compliant workloads. In these cases, you can isolate the flow of data, create payment and processing gateways, and even ensure that data only flows within specific regions as needed. This is a great way to offload processing to a cloud or data center partner while still staying agile and compliant.
Compliance aside, your security model should not complicate the way you manage cloud and your data center. In fact, good partners will actually help you design around simplicity and security. Most of all, they design around user experience. This means working with advanced solutions that support virtualization, new types of applications, working with new data-driven solutions, and much more. When it comes to cloud security and user experience, it doesn’t have to be either one or the other. New designs now allow you to have the best of both worlds.
NEVER FORGET THE PHYSICAL ASPECT OF CLOUD SECURITY
Again, threats against cloud and data center operators are only getting more advanced, persistent, and targeted. In the latest AFCOM State of the Data Center report we saw the top 5 infrastructure threats facing today’s data center. This includes:
- Ransomware: 56%
- Outside threats (human): 48%
- Advanced Persistent Threats (Theft of IT and/or corporate data): 44%
- Inside threats (human): 42%
- Loss of PII (personally identifiable information): 40%
When it comes to deploying a cloud, your strategy really does need to be holistic. That is, be sure to look at all security design aspects as you architect your own cloud model. This may even mean hiring a security team to do things like pen and vulnerability testing.
Cloud security doesn’t have to be complicated. In fact, a good partner will actually help guide the design to simplify management while still helping the organization grow. Security solutions can now be deeply integrated into the visualization, cloud, and even physical layers. All of this translates to better user experiences, simplified and centralized management, and greater capabilities to respond proactively to evolving threats.
Ultimately, a good design also gets you user and customer confidence. Remember, mitigating risk not only helps with brand image and your stance in the market, it will absolutely help your organization leverage more cloud options in a digitally-connected world.