Hybrid data centers feature in a big way in today’s hybrid IT and multi-cloud environment, bringing with them new challenges for CISOs.
Today, we are operating in a landscape where we are witnessing an increase in ransomware, supply chain attacks, and zero day attacks.
There was the Sunburst backdoor APT, believed to be one of the most sophisticated and severe attacks ever seen in the wild, followed by the “Hafnium” (a.k.a. Microsoft Exchange server) attack, and the Colonial Pipeline attack as well as a global surge in ransomware incidents.
In addition, the new ‘work from anywhere’ environment has spread business applications across the data center and multiple clouds.
The hybrid data center combines these environments with orchestration that allows data and applications to be shared between them over the network. Yet, there are challenges to consider, such as issues of management and scale.
What can CISOs do to ensure their organizations are protected? CybersecAsia posed some questions about hybrid data centers to Gary Gardiner, Head of Security Engineering, APAC & Japan, Check Point Software Technologies:
Against the backdrop of global attacks such as Sunburst, Hafnium, REvil and the likes, what would best describe and define the current cybersecurity landscape in Asia Pacific?
Gardiner: I would describe the current cybersecurity landscape in Asia Pacific as one of heightened alert as we have seen with the attacks on the supply chain very recently. Organisations are having to not only take a look at their own security, but also the security of the companies that they’re dealing with on a regular basis and the companies that they are sharing their data with.
What are hybrid data centers and why are they gaining popularity among organizations in Asia Pacific?
Gardiner: When we talk about hybrid data centers, we’re really talking about the capabilities of organizations to run services, not only in their own data centers, but in public cloud infrastructure. This is becoming more popular as it gives organizations the agility to meet their customers needs in the public cloud infrastructure.
Organizations are looking for the agility and the dynamic nature of the environments that public cloud gives, but also are looking to make sure that some of their more critical information sits and resides inside their legacy data centres with the connectivity between both to provide the services that their customers and organization needs.
What are some key challenges faced by organizations trying to secure such a hybrid data center architecture?
Gardiner: When organizations have their own data center architecture, this has been developed over a long period of time and the security controls they have in place are mature and work very well. When they move inside the public cloud architecture, there is a shared responsibility model that they need to be aware of.
From a security perspective, what are the cloud providers giving and what are organizations required to secure being custodians and the owner of the data?
The public cloud infrastructure does allow businesses to have a lot more agility. However, businesses will have to change their security practices to meet this agility and DevOps capability. It is important to look at things like cloud security posture management to understand what’s actually happening inside the cloud. It is critical to know where the data resides, and the traffic crossing those cloud architectures.
Please share some tips and best practices for CISOs on securing the hybrid data center.
Gardiner: One of the best practices that I would recommend is gaining visibility of what is going on in the dynamic environment of the hybrid data center. As a CISO, you need to know what’s going on to be able to act on any security issues that arise.
The next one would be looking at identity and access management. Understanding who has access to what information at what time, limiting access and putting in the controls to ensure that anyone gaining access to this information only does so for the time that they require.
It is also important to look at the DevOps capabilities around securing the code that’s being developed inside these environments to ensure that there is no malicious activity or malicious code being implemented inside the environment. Looking at the API connectivity from third party vendors and third-party services coming into your organization as well is key to effectively taking control of your data center.