Security and Data Centers

Twenty years ago, I ran a small group in a large corporation’s subsidiary, which developed firewall and virtual networking gear. In those days, most people were beginning to discover what the Internet and the World Wide Web were. That security was required for the Internet was not well recognized. It was inconceivable for many that some bad guys would hack into their internal networks via the Internet and cause all kinds of trouble. Internet security was a new area, and several companies with security gear went public.

Fast forward to 2014, when we are well aware that there are many kinds of attacks on corporations’ networks worldwide. At the recent Motivated to Influence Data Center Conference in San Francisco, I sat in a session on security in data centers, Data Center Security Discipline: You Do Not Have to Outrun the Bear, by Jeffrey Logsdon, COO, MainNerve.

In most data conferences, topics are either facility or IT related, and security, even though it may fall into the IT category, is not discussed very often. Jeffrey’s talk was very interesting. Well, as he was joking, I got a little depressed to hear how vulnerable we may be in the use of the Internet and data centers.


Jeffrey Logsdon

The following is a summary of his talk and my comments.

Why Security in Data Centers

He discussed the fundamental reason why we need security at data centers: they host data that are sensitive and valuable, such as:

And:

  • Student records, donor records, alum records as related to FERPA
  •  Critical plant information, physical plant, IT systems
  • Research information, internal data, and intellectual property
  • Law enforcement, court orders, criminal and investigative records
  • Email, messaging, and text data

Motivations to steal those may vary. Rogue nations have their motives. An individual may want to show off. And there are monetary reasons. Then what about the dollar figure associated with those sensitive data? Jeffrey showed the following interesting chart.


This shows that stealing my information alone won’t make a lot of money in the black market.

Type of threats

Jeffrey then showed types of threats to deal with at data centers.

Type

Remarks

Bot/botnet

Web executables, images, videos & links

Virus

Mail, websites & attachments

Trojan/logic jam

Applications, games & programs

Worms

Attachment borne & quick to replicate across systems

Rootkit

Hacker borne

Social engineering

Human involved

Insider threat

Employees & contractors

Key logging

Social media

He also mentioned that those threats go up during:

  • Holidayseasons s, such as Black Friday, Easter, Christmas

 Security measures

Jeffrey then showed what we need to do to counter such security threats:

  • Develop a risk management program
  • Train our staff

More specifically:

  • Develop a formal security plan with a strategic road map and a tactical crosswalk for getting there

He concluded by saying that with all of these preparation for security you can:

  • Drive revenue
  • Improve quality
  • Improve client experience
  • Defend masterfully

My comments

These days we cannot go through a day without using online services, such as banking, filling out prescriptions, buying goods online, selling and buying stock, and many other services. It is inconceivable not to be online each and every day. I have thought of security threats online and on the Internet. If my accounts are broken into, I will suffer from that for sure. But what if financial institutions with my accounts or retail stores with credit card service are broken into? Even if I am careful to protect my accounts, if the corporations that deal with sensitive information like that in “Why Security in Data Centers” above are hacked, I will also be impacted.

Jeffrey mentioned that he and his wife do not use online banking because he had seen so many security breaches. For me, I do not have the option not to do online banking, because it is quick and convenient and allows me to manage multiple accounts.

Another thought is that huge dynamic distributed systems may go out of control. A large distributed system cannot be controlled manually, so some kind of intelligence is incorporated to manage the entire system. Therefore, dynamic changes in outside parameters may cause the system to behave unexpectedly. Related to this thought, in a recent article, artificial intelligence (AI) is considered to be dangerous. If we invest in AI to progress, at some point it would surpass human ability and may take control. It is a scary thought. The only relief for me is that it may not happen during my lifetime.

Zen Kishimoto

About Zen Kishimoto

Seasoned research and technology executive with various functional expertise, including roles in analyst, writer, CTO, VP Engineering, general management, sales, and marketing in diverse high-tech and cleantech industry segments, including software, mobile embedded systems, Web technologies, and networking. Current focus and expertise are in the area of the IT application to energy, such as smart grid, green IT, building/data center energy efficiency, and cloud computing.

, , , , ,

No comments yet.

Leave a Reply


*