Why Virtualized Data Center Security? The $36 Million Dollar Answer
In my previous column Data Center Security: Only as Strong or Safe as the Weakest Link I discussed the seriousness of security in relation to data centers. Yesterday’s news emphasizes that security is serious business: A 26 year-old computer hacker pleaded guilty on Thursday to stealing hundreds of thousands of credit card numbers, causing losses of more than $36 million. Rogelio Hackett, of Lithonia, Georgia, stole 675,000 credit card numbers by hacking into business computer networks, downloading credit card databases or purchasing them on the Internet. He also admitted that he sold credit card information and counterfeit cards to acquire gift cards and merchandise.
This breach is not unusual; although the amount of data lost to cyber attacks dropped significantly in 2010, even as the number of breaches jumped, confirmed cases of compromised data in 2010 rose to 761 from 141 in 2009. And with the proliferation of new data and end-user packaged services such as managed security, compliance and cloud, SPs are under increased pressure to ensure that their data centers have network architecture, systems and robust policies in place to guard against hacking and malware. With network services delivered by multiple data centers and application servers (or more frequently by third parties with applications hosted in remote data centers across the Internet), each layer within the data center must have security protocols that guard against potential breaches.
One safeguard that SPs can employ is system virtualization, which can effectively address and improve data center security. In a virtualized data center LANs, storage area networks, and servers are virtualized so that a single physical network or system element can run multiple logical elements. In a layered security model, security boundaries are controlled so that trusted network components are separated from unreliable components. IT personnel may designate multiple boundaries and multiple layers of protection assigned to systems. By managing network elements and systems within and outside of the boundaries differently managers provide an added level of security. The importance of the system or component and how vulnerable it is determines where it falls within or outside of a boundary and how deeply it will be embedded. Additionally, the layered security architecture is correlated to the virtualization architecture that is implemented in the data center. This is done by mapping virtual networks at layer 2 and layer 3 to virtual storage networks and virtual servers. This model not only improves scalability and reduces opex related to energy, but it also improves data center security by isolating components of the network and system infrastructure and mapping the virtualization and security defenses in the network to the virtualization models deployed across the entire data center.
Securing data centers is not simple and requires stringent security design at every layer, which must complement the logical design and systems requirements in the data center. SPs must be able to quickly identify and respond to evolving threats, protect their critical assets, and enforce their business policies. Not having these requirements in place could end up costing a service provider millions, $36 million to be exact.
For more information about Ray Mota.