Data Center Security - Stepping Up the Game!
Did you know that there are close to 2200 cyber attacks a day, one every 39 seconds on average? According to various threat intelligence reports, these statistics hold across industries, including colocation and especially hybrid data centers (DCs). The purpose of these attacks was not just extortion, as one might assume; it included reputational harm and disruption of business activities as part of corporate sabotage, and illegal or unauthorized access to data with the intent to sell it on the dark web.
Recently, in the news, hackers obtained login credentials for two of the largest data centers in Asia, which impacted close to 2000 customers including some global stalwarts. In India alone, data centers faced 51 million cyber-attacks in the 9 months between April and December 2021, as per the research report released last year by The Institution of Electronics and Telecommunication Engineers (IETE) and CyberPeace Foundation (CPF) along with Autobot Infosec. According to a Cyble Research Labs analysis, over 20,000 web instances of various data center management and monitoring products, ranging from intelligent monitoring software to thermal cooling management control systems, are currently accessible to hackers.
Also, we tend to think of any risk associated with a data center as a cybersecurity risk, but physical security in a data center is also a real problem and plays a critical role in protecting data and property from compromise. The 2023 AFCOM State of the Data Center Report found that, for the first time, human threats (both insiders and outsiders) were among the top five primary security and infrastructure threats.
However, the good news is that as vulnerabilities increase, the landscape of sophisticated physical and cyber security solutions is also expanding to pre-empt and prevent attacks on data and infrastructure. Having focused in the past on the physical security and resilience of the infrastructure, colocation data centers are now also incrementally focusing on cyber security solutions as part of their overall cyber-resilience strategy.
Before we get to the solutions, I’d like to table out some of the major threat trends that we see within the data center industry today:
(1) Unauthorised Intruders: Data center physical security today presents some huge challenges. Anyone with the right access can harm servers, even in a locked facility. Data centers need to be protected from intruders, as a breach in the physical security of a DC facility can result in theft, property destruction and the loss of vital information.
(2) DDoS: Distributed Denial of Service (DDoS) attacks are the most common type of attack. Servers are a primary target for DDoS attacks, which disrupt and disable essential internet connectivity, blocking access for end users. These attacks are a direct threat to uptime at data centers. While they are not a new type of attack, they are becoming more complex and sophisticated given the accelerated use of connected IoT devices and of web applications.
(3) Ransomware: Attackers are using ransomware to target enterprise infrastructure, and it is a major threat to client data. Even where the data is not at risk of being published, ransomware attacks can be used to modify the data, threatening its integrity.
(4) Malware at Scale: Attackers use malware platforms to create a backdoor into the Data Center Infrastructure Management (DCIM) framework, gaining direct access to equipment, systems and devices. For example, access to power management systems could allow hackers to simply cut power to devices connected to a PDU, leading to the immediate shutdown of critical infrastructure across businesses and people, or alternatively to exploit the thermal cooling systems to cause overheating and crashes.
(5) SSL-induced blind spots: The increased use of SSL encryption makes organizations vulnerable to hackers, who now encrypt their threat packages so that they go undetected by threat monitoring tools. The limited availability of solutions to intercept and decrypt SSL traffic increases this vulnerability.
While the above are the most common and prevalent types of attack that a data center should prepare to defend against, two other forms must also be taken into account: the long-standing brute-force attacks to which web applications are particularly susceptible, and the newer attacks that bypass EDR.
The Way Forward
Data centers today are adopting several technological advancements to stay ahead of evolving cyber and physical threats. DCs are now purpose-built and combine physical and electronic security with adherence to global standards and regulations, which together ensure data integrity and confidentiality.
Here are the top priorities for strengthening the security posture of data centers:
(1) Advanced Physical Security Measures - Comprehensive, multi-layer security in data centers, including under-vehicle scanners, AI/ML-driven surveillance cameras, intrusion detection systems, mantraps, contraband trace checks for safe material, QR-based patrolling and a centralized command center, ensures a safer, protected place for the organization's IT infrastructure. This also means enforcing stringent biometric-based access controls and using multi-factor authentication and role-based mechanisms to limit data access to authorized personnel.
(2) Network Segmentation: Networks need multiple layers of protection so that hackers cannot move freely across the network should they breach one layer. Networks today are software defined and, as such, are designed to be secure, consisting of autonomous layers that make threat detection and defence pre-emptive in nature through pattern detection and prompt handling of anomalies.
(3) SIEM (Security Information and Event Management): A single platform that augments a SOC to strengthen its threat detection capabilities. SIEMs integrate AI to automate intrusion detection and prevention. The SIEM analyses network traffic, potentially blocks access, and sends an alert to a security analyst to research the event further. While some ransomware campaigns are run as APTs and are difficult to detect, the active monitoring capabilities of a SIEM make detection easier. Apart from the regular tasks, the added benefits include forensic tools for incident investigation, comprehensive threat intelligence, and threat hunting features to find compromised resources and address the issues to remove the vulnerability.
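To make the SIEM alerting concrete, here is an added example (not code from this article or from any vendor's product) of the kind of correlation rule a SIEM runs: it parses authentication events and raises an alert when one source fails to log in five times within a sliding one-minute window, the brute-force pattern mentioned above. The log format and all sample events are constructed for the example; the threshold and window are assumptions a real deployment would tune.

```python
"""Toy SIEM correlation rule: alert when a source fails authentication
`threshold` times within a sliding `window`. Log format and events below
are constructed for this example, not taken from any real system."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (timestamps and addresses are illustrative).
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z auth sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:03Z auth sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:04Z auth sshd: Accepted password for ops from 198.51.100.2
2024-03-01T10:00:06Z auth sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:08Z auth sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:09Z auth sshd: Failed password for guest from 203.0.113.7
2024-03-01T10:05:00Z auth sshd: Failed password for admin from 198.51.100.2
2024-03-01T10:20:00Z auth sshd: Failed password for admin from 198.51.100.2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "outcome": m["outcome"], "user": m["user"], "src": m["src"]}


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per source whose failed logins reach `threshold`
    inside `window`. Each alert lists all usernames that source has tried
    so far, which helps the analyst tell password spraying from a single
    mistyped password."""
    recent = defaultdict(deque)   # src -> timestamps of failures still in window
    users = defaultdict(set)      # src -> usernames attempted
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["outcome"] != "Failed":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        users[ev["src"]].add(ev["user"])
        # Drop failures that fell out of the sliding window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append({
                "src": ev["src"],
                "failures": len(q),
                "users": sorted(users[ev["src"]]),
                "first": q[0].isoformat(),
                "last": ev["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS):
        print(alert)
```

The second source in the sample fails twice but fifteen minutes apart, so it never crosses the window threshold; that is the distinction a per-event signature cannot make and a correlation rule can. In production the alert would be enriched with threat intelligence on the source address and forwarded to the analyst queue rather than printed.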
(4) ML & AI enabled Cyber-Defence: The use of ML and AI is making ecosystems more responsive. Both are being actively used for attack detection across the entire ecosystem. Cloud-based solutions for detection and rapid response are in use today, and demand for them is on the rise. An interesting aspect to address here is sophisticated phishing attempts and the avatar-jacking trend: with password-only security being phased out slowly and the rise of encryption along with multiple authentication steps across digital channels, there will be several moments of truth on the road towards identity verification. Specific solutions for identity fabric immunity are on the rise, with tools for cybersecurity validation that strengthen endpoint security.
(5) Zero Trust Network Access: Safeguarding data at rest, in use, and in transit using encryption, VPNs, and data loss prevention (DLP) technologies is a must. Used in combination with a VPN, ZTNA provides formidable security cover to enterprises. ZTNA integrates device compliance and health into access policies, giving organizations the option to exclude non-compliant, infected, or compromised systems from accessing corporate applications and data.
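The following is an added example, written for this article rather than taken from it or from any ZTNA product, of how a zero trust policy decision combines identity, device posture and the target application. It also illustrates the layered, least-privilege access that network segmentation (point 2) aims for: each application is its own zone with its own permitted roles, so a user or device that clears one gate does not automatically reach the next. The posture fields, application catalogue and patch-age limits are all assumptions chosen for the example.

```python
"""Toy ZTNA-style policy evaluator. Every request is judged on who is
asking, from what device, for which application; being "inside the
network" carries no trust. Posture fields and the application catalogue
below are constructed assumptions for this example."""
from dataclasses import dataclass


@dataclass
class DevicePosture:
    managed: bool              # enrolled in the organisation's device management
    disk_encrypted: bool
    edr_running: bool
    patch_age_days: int        # days since the OS was last patched
    compromised: bool = False  # flagged by EDR or threat intelligence


@dataclass
class Request:
    user: str
    roles: set
    mfa_verified: bool
    device: DevicePosture
    app: str


# Constructed application catalogue: each app is its own access zone with
# the roles allowed into it and a sensitivity tier.
APPS = {
    "wiki":      {"roles": {"staff", "ops", "dcim-admin"}, "tier": "low"},
    "ticketing": {"roles": {"staff", "ops"},               "tier": "medium"},
    "dcim":      {"roles": {"dcim-admin"},                 "tier": "high"},
}

# Assumed maximum patch age per tier; stricter for more sensitive zones.
MAX_PATCH_AGE = {"low": 90, "medium": 30, "high": 14}


def evaluate(req):
    """Return (allowed, reasons). Every failed check is recorded so the
    analyst sees why a session was refused, not merely that it was."""
    reasons = []
    app = APPS.get(req.app)
    if app is None:
        return False, ["unknown application"]
    d = req.device
    # Device-health gates apply regardless of who the user is.
    if d.compromised:
        reasons.append("device flagged as compromised")
    if not d.managed:
        reasons.append("device not managed")
    if not d.disk_encrypted:
        reasons.append("disk not encrypted")
    if app["tier"] != "low" and not d.edr_running:
        reasons.append("EDR not running")
    limit = MAX_PATCH_AGE[app["tier"]]
    if d.patch_age_days > limit:
        reasons.append(f"patches older than {limit} days")
    # Identity gates: least privilege by role, MFA for anything sensitive.
    if not (req.roles & app["roles"]):
        reasons.append("role not permitted for application")
    if app["tier"] != "low" and not req.mfa_verified:
        reasons.append("MFA required")
    return (not reasons), reasons


if __name__ == "__main__":
    healthy = DevicePosture(managed=True, disk_encrypted=True,
                            edr_running=True, patch_age_days=3)
    print(evaluate(Request("alice", {"dcim-admin"}, True, healthy, "dcim")))
    stale = DevicePosture(managed=True, disk_encrypted=True,
                          edr_running=False, patch_age_days=40)
    print(evaluate(Request("alice", {"dcim-admin"}, True, stale, "dcim")))
```

The same administrator is admitted to the DCIM application from a healthy, managed laptop and refused from one with EDR stopped and stale patches; a staff account is refused at the role check even on a healthy device. A real policy engine would re-evaluate posture during the session, not only at connection time, so that a device that becomes non-compliant mid-session loses access.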
(6) Tools to address specific threats: Depending on the scale and the type of data center, one could look at deploying solutions such as Firewall as a Service (FWaaS), Extended Detection and Response (XDR) and Ransomware Protection as a Service (RPaaS).
(7) Anti Phishing tools and Employee Education: Identifying and blocking phishing websites, identifying compromised passwords and educating employees to recognize phishing emails are crucial for protecting systems and data.
(8) Secure By Design & Default: Most solutions are secure by design, meaning the solution has been tested during the development stage to discover and probe any flaws or vulnerabilities, making it significantly more resilient. They are also secure by default, which means they have built-in security features that log evidence of potential intrusions, enforce multi-factor authentication and control access to sensitive information. The human-centricity of these solutions means they are based on comprehensive analysis of usage behaviour, which makes it easier to detect unusual digital behaviour patterns or hacker behaviour. These solutions go a long way in controlling insider threats and even moderate cyber-espionage attempts.
(9) Robust Audits & Compliance – Conducting regular security audits and assessments at a data center, and adhering to global standards and compliance requirements, is the need of the hour. It serves as a proactive check to swiftly identify and rectify vulnerabilities, ensuring systems remain fortified against cyber threats.
Today, when it comes to data center security, the stakes are very high. The unpredictability of physical and cyber-attacks poses significant risk to business operations, and can lead to loss of data and damage to brand image. Safeguarding data centers has never been more important. Organisations should continually reassess their security technologies, practices and procedures to address potential threats.