This sounds logical in an old-fashioned, non-virtualized data center, where physical wires connect everything and the firewall controls which servers can talk to each other. We can create VLANs to isolate network traffic and write access control lists to allow inter-server chat. Add in IDS, vulnerability scanners and perhaps NAC for good measure, and you have good control over your network. What's more, we can pretty much see how it is working.
The problem is that this is not what a modern data center looks like anymore. Over the last five or so years there has been a rapid transformation to the type of data center that is common today: one with many virtualized servers, in which 50% or more of all ports are virtual ports. There are no longer physical wires between each server, and the rate of growth in virtual ports is probably twice that of physical ones, so the process is only accelerating. The upshot is that virtualization has made network security and compliance very difficult to achieve; the old ways are no longer appropriate.
Data Centre Security Challenges:
The major challenge a data center encounters, even more than technology issues, is the human problem.
- Implementing security controls is time-consuming. Many organizations say it takes up to 4 hours to create a firewall rule for every new network application, and days or weeks to update security services.
- Network security is prone to human error, resulting in compromise of data center services. Security vulnerabilities, performance issues and service interruptions were tied to configuration errors.
- It is hard to change security controls after the fact: the majority of organizations report that they have no method for removing expired ACLs or firewall rules, and removing them manually is too time-consuming.
- Data center segmentation can help, but only a few organizations are actually doing it. Better segmentation would help solve the problem of criminals moving laterally across the data center.
- Organizations need visibility into the traffic flowing from one application to another. While all organizations want to use automation and orchestration to accelerate application deployment, most do not have the ability to do so.
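The point about expired ACLs and firewall rules is one that can be attacked with a small amount of automation. The following is an added example, not code from the original article: a Python audit script that reads a rule set (the one-rule-per-line key=value format, the sample rules, and the inventory of active applications are all constructed for this example) and flags rules that have passed their expiry date, carry no expiry at all, belong to an application no longer in the inventory, or accept traffic from any source address. It produces a review list rather than deleting anything, which is the safer first step when, as the article notes, nobody has a process for removal yet.

```python
"""
Audit a firewall rule set for rules that should be reviewed for removal.

Constructed example: the rule-line format (space-separated key=value fields),
the sample rules and the list of active applications are assumptions made for
this illustration, not an export from any real firewall or CMDB.
"""
from datetime import date

# Constructed sample rule set. Each line is one rule; 'expires' is an ISO
# date, the literal 'never', or absent (undated rule).
SAMPLE_RULES = """\
# id  source            destination   port  application  owner   expiry
id=101 src=10.1.0.0/24 dst=10.2.0.10 port=443 app=billing owner=team-a expires=2030-12-31
id=102 src=10.1.0.0/24 dst=10.2.0.11 port=3306 app=legacy-crm owner=team-b expires=2021-06-30
id=103 src=0.0.0.0/0 dst=10.2.0.12 port=22 app=jumphost owner=team-c expires=never
id=104 src=10.3.0.0/16 dst=10.2.0.13 port=8080 app=pilot-api owner=team-a
"""

# Constructed inventory of applications that are still in service.
# In practice this would come from a CMDB or deployment pipeline export.
ACTIVE_APPS = {"billing", "jumphost"}


def parse_rules(text):
    """Parse key=value rule lines into a list of dicts, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = dict(kv.split("=", 1) for kv in line.split())
        rules.append(fields)
    return rules


def audit_rules(rules, active_apps, today_iso):
    """Return [(rule_id, [reasons])] for every rule that needs review.

    today_iso is the audit date as an ISO string (e.g. '2024-01-15') so the
    function is deterministic and easy to test.
    """
    today = date.fromisoformat(today_iso)
    findings = []
    for rule in rules:
        reasons = []
        expiry = rule.get("expires")
        if expiry is None:
            reasons.append("no expiry date")
        elif expiry != "never" and date.fromisoformat(expiry) < today:
            reasons.append(f"expired on {expiry}")
        app = rule.get("app")
        if app not in active_apps:
            reasons.append(f"application '{app}' not in active inventory")
        if rule.get("src") == "0.0.0.0/0":
            reasons.append("source is any-address")
        if reasons:
            findings.append((rule["id"], reasons))
    return findings


if __name__ == "__main__":
    for rule_id, reasons in audit_rules(parse_rules(SAMPLE_RULES),
                                        ACTIVE_APPS, "2024-01-15"):
        print(f"rule {rule_id}: " + "; ".join(reasons))
```

Run as a script it prints three rules for review (102, 103 and 104) and stays silent about rule 101, which is dated, scoped to a /24 and tied to an application that still exists. The inventory check is what turns a list of expiry dates into a segmentation tool: a rule whose application has been decommissioned is a path across the data center that nobody is watching.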
Organizations use multiple technologies, with multiple barriers, to protect their data center servers and storage; the details are shown in the image below.
Security Management Model
The security management model for cloud computing that cloud service providers must consider needs to cover the aspects below to be effective and efficient:
- People Security: A formal charter should be established for the security organization and program. Clearly outlined roles will give all team members a better understanding of what is expected of them.
- Security Governance: A security steering committee must be in place, whose objective is to give guidance on security initiatives and their alignment with business and IT strategies.
- Risk management: Risk management requires identification of technology assets; recognition of data and its links to business processes, applications, and data stores; and assignment of ownership and custodial responsibilities.
- Risk assessment: Security risk assessment is essential to helping the information security organization make informed decisions when balancing the competing priorities of business utility and protection of assets.
- Data governance: This framework should describe who can decide what actionssolidated to multiple virtual machine instances on virtualized servers.
- Disaster Recovery: Customers depend heavily on round-the-clock access to their services, and any interruption in access can be destructive. With virtualization software, backing up a virtual server is easily done.
- Third party Risk Management: A third-party risk management program helps protect the provider's reputation and control revenue losses.
- Vulnerability Assessment: Classifies network assets to more efficiently prioritize vulnerability-mitigation programs, such as patching and system enhancement.
- Security Image Testing: Virtualization-based cloud computing gives the ability to build a "test image", which makes it possible to keep security up to date and reduce exposure by patching offline.