When everything is going well, security at a data center is an unsung hero. You don’t hear consumers, brands or businesses say “Today was a great day because none of my personal or corporate online data was compromised.”
However, when there is a security breach, security concerns shoot to the top of everyone’s mind and to the top of the headlines in the news. Just ask Target, Home Depot, JP Morgan, Sony and other companies you’d expect to be ready to handle devastating breach issues.
Whether in the news or not, security is top of mind for those in charge of managing consumer and corporate data. But, it needs to be top of mind for everyone in management.
At a CBRE data center conference last fall, Bob Reilly, senior vice president with Fidelity Investments was asked “What is your biggest concern with the data centers in your company’s portfolio?”
Reilly answered, “What keeps me up at night is a four letter word: risk The risk and security of our company’s and our clients’ critical and personal information is of the upmost importance.”
So, why should data security keep you up at night?
Reason No. 1: If everyone in upper management is not intimately concerned with data security. All we need to do is look at the security breach recently at Sony. According to TechCrunch, Sony had only 11 people on the information security team at the time of the hack. According to a former employee:
“The real problem lies in the fact that there was no real investment in or real understanding of what information security is,” said the former employee.
Further, one issue made evident by the leak is that sensitive files on the Sony Pictures network were not encrypted internally or even simply password-protected. Hackers easily found a file with usernames and passwords called “Usernames&Passwords.”
Reason No. 2: If your company doesn’t have a plan about how to react to an emergency with a data breach. In the case of Target’s security issues in mid-December 2013, according to an article in Bloomberg BusinessWeek, Target was prepared to handle such a breach. However, when the breach actually happened, Target corporate ignored the warnings it was getting from the systems that had been put in place. According to the article:
“Had the company’s security team responded when it was supposed to, the theft that has since engulfed Target, touched as many as one in three American consumers, and led to an international manhunt for the hackers, never would have happened at all.”
Reason No. 3: If your company isn’t moving fast enough. Fifty-six million credit cards and 53 million emails were compromised in a six-month attack at Home Depot’s payment terminals last November. This was a bigger breach than what happened at Target a year earlier. According to the Wall Street Journal recap and an insider to the story, Home Depot began a project to fully encrypt its payment terminal data, but that project was outpaced by the hackers.
What does this all mean? Data centers must continually go through a transformation to stay ahead of technology and hackers. One example in the fast-moving evolution of security at data centers is the cloud infrastructure. Having the ability to provide complete end-to-end security solutions across hybrid cloud environments is a critical success factor in mitigating risk. Late last year, Cisco released its updated GCI report for 2013- 2018. It included the following projections:
• By 2018, 76 percent of all data center traffic will come from the cloud.
• By 2018, three out of four data center workloads will be processed in the cloud.
Although cloud computing can be cost-effective for businesses, it’s the data center that sits at the cloud’s core, and it’s the cloud that adds more layers to the security and risk dynamics of a data center. This concept is where one of the recent buzzwords originated: “next-generation security.”
Communications happening over the cloud have new types of security requirements that older platforms could not meet. These next-generation security technologies are more than a standard firewall. They include virtual security appliances located inside a network running special policies, or at the edge of a network protecting cloud-facing applications. These technologies also include new types of policy engines, cloud-ready endpoint control and software-defined security.
No doubt executives at Sony, Target and Home Depot wish they had put more thought into the people, the processes and the plans they had in place prior to their security breaches. So, what can you do?
First, it’s important that upper management be intimately involved with the company’s security and risk precautions. Second, every company, no matter the size, should have a plan in place in case the worst is to happen, including clear accountability about who is in charge to stop the bleeding. Finally, move faster than the hackers. That is certainly challenging, but it’s a challenge that businesses should accept in order to safeguard their most valuable commodity: their data.
Robert Fulford is vice president of Stream Data Centers. Contact him at [email protected].
