05 Feb Data Center Cybersecurity
Securing your data center requires a lot more than some locks and cameras. This is because a data center hosts business-critical data and assets, such as customer information, financial documents, intellectual property, and more. In this blog, we break away from the physical security aspect of your efforts and focus on how organizations can protect a data center from virtual attacks.
For an introduction to data centers and related physical security, be sure to visit our previous blog:
Cybersecurity Best Practices
Your organization’s goal should be to strive for the capability to prevent, detect, and respond to cyber attacks targeting your data center. Malware, spyware, and hacking are all examples of cyber threats to data centers. Cybercriminal activity is expected to be one of the largest challenges humanity faces in the next two decades and data centers are always going to be in the crosshairs. Fortunately, there are steps you can take to minimize risks.
Keep Servers and Systems Updated
The first and easiest step to protect your data center is to always keep servers and systems updated. While applying updates and patches isn’t always convenient, it’s important to do so as soon as possible. These often get pushed aside because “things are running just fine” yet this is what cyber criminals are hoping you’ll do. When an organization releases updates or patches for their product, it’s often because they’re fixing a security gap that was identified.
Imagine you just bought a car and after a week, the back window stops closing. If the manufacturer offers to fix the window for you, would you say “maybe later”? Until you fix the window, there remains an easy way for someone to break into your vehicle. Keeping your systems and server updated is an easy way to remedy vulnerabilities before they can be exploited.
Encrypt Your Data
Any data at rest or in motion should be encrypted. This translates your data into another form that can only be deciphered with the correct code, ensuring your data isn’t easily visible to anyone that shouldn’t have it. If you organization permits portable storage devices, ensure these are encrypted so when lost or stolen, the data will remain safe. Use network-level encryption to secure your data when it travels between endpoints and use server-level encryption to protect your data when it’s at rest.
Automated Network Analysis
Defending your network and scanning for threats should be a top priority, and should happen 24/7. This is because most cyber attacks are over the network, so having a good front line defense will prevent the spread of malware and any data breaches. Anomaly detection, keyword matching, data monitoring, and other methods will alert you to any suspicious communications that have gotten past your firewall.
Antivirus programs are historically signature-based. As malware is discovered, file names and indicators of compromise are cataloged in antivirus engines. As each file enters a network or computer, it’s scanned against the signature list and quarantined or deleted when there’s a match. This is a security issue because, in a report by SentinelOne, “only 50% had been previously submitted to malware repositories. And of that half submitted, only 20% had corresponding signatures from existing anti-virus engines.”
Antivirus systems operating with AI focus on detecting unusual behavior by programs rather than matching signatures. This is typically more efficient because most malware is designed to function differently than is the standard operation of the computer system, and they can be detected from these actions. This allows these AI-based antivirus systems to detect zero-day exploits and other previously unseen/cataloged malware.
Monitor and Restrict Access
One of the most effective methods of preventing cybersecurity incidents is to Implement and enforce access restrictions. This applies to both physical and cyber efforts. Limiting access to users will reduce unnecessary risk and limit the chance of a breach. According to Verizon’s 2020 Data Breach Investigations Report, https://enterprise.verizon.com/resources/reports/dbir/ 30% of breaches were caused by insiders. This includes falling for phishing attacks, intentional malice, or losing credentials. Limiting a user’s access to documents and data that they don’t need will help reduce the impact of an incident they cause. Start by reviewing permissions for every user that has access to your network.
Implement a Zero Trust Architecture
Zero Trust architecture has become known in cybersecurity as the act of eliminating the notion of trust from an organization’s network. The idea behind this is that to protect modern digital environments, you must never assume that all users act responsibly and follow policy on a regular basis, or that those users haven’t been compromised. Once on the network, users can copy or transfer any data they have access to, making them a large vulnerability. With the assumption that threats can and do come from inside an organization, more focus is then placed on securing data and segmenting access.
One good practice is to create secure zones in your network, which will help layer security. These zones should include a test area, a development zone, and a production zone. Prior to any new code or applications being executed, its recommended to scan them for vulnerabilities that can be exploited.
Implement Policy and Training
It’s often said that humans are both the strongest and weakest components of security. To reduce data center vulnerability, provide security awareness training and set policies that enforce proper security behavior. Creating rules and policies doesn’t help if employees are not aware of them and understand them. Employees need to know how data breaches occur and how their actions impact security.