The fallout from cyberattacks appear to be growing, despite the massive investments organisations are making in security and risk management. In 2021 alone, businesses were expected to spend over $150 billion to protect their internal networks and critical data.
Yet, when it comes to securing data centres from ransomware and future attacks, there is a clear misalignment.
A common go-to security measure is to line all endpoints with anti-ransomware solutions but exclude the data centre itself. And while it’s vital to protect endpoints, ransomware has been known to sit in systems and devices for an extremely long time without being detected, making this solution far from perfect. Additionally, the only problem we solve here is the one right in front of us. What about the countless threats heading our way that we don’t yet know about? It’s time to prioritise strategic views, not settle for temporary plasters.
Data centres are huge, dynamic environments housing countless complex processes for communications and storage, and the worst outcome is for ransomware to enter the data centre and have complete freedom to move around the network, potentially giving attackers access to every part of an organisation’s infrastructure and consequently access to every asset and piece of data on there.
Therefore, it is essential that any security solution an organisation deploys matches the dynamic nature of the data centre and can evolve with future developments. It is for this reason that, while many different technologies have been marketed as ‘the next best thing’, Zero Trust segmentation – a default deny approach to security which is based on the model of ‘never trust, always verify’ – has proven itself invaluable for securing data centre infrastructure.
It’s all in the preparation
Cyber criminals target data centres due to the high number of applications they host and the vaults of data they hold, and if criminals can get their hands on this valuable information, then they’ll have the weapons to further exploit the business. Clearly then, one of the biggest threats that data centres must deal with is preventing adversaries from moving laterally through the different environments in their quest to infect and encrypt as much of the network as is reachable.
Criminals also seek out the weak defences around cloud connections that result from rapid adoption. So, organisations must accept that ransomware attacks are inevitable and focus on mitigating the fallout. This is where Zero Trust segmentation truly shines, and fortunately there are a few simple, yet strategic steps that companies can take to set this approach in motion.
First, teams must identify the different levels of risk that exist within data centre environments by understanding what systems communicate with each other. Teams should identify high risk systems that are unnecessarily connected to several other servers as a priority; for example, there is no reason for the air conditioning unit to connect to the finance server. This is crucial for building a segmentation policy that effectively controls which systems can communicate with each other.
The next step is proactive containment. We know the typical mechanisms ransomware uses to spread, and we can apply this knowledge to block its ability to move freely through the network. Then, the final stage is reactive containment – the ability to push a figurative big red button that stops all movement to ensure we contain the ransomware as the last line of defence. Not only do these steps to Zero Trust segmentation help defend against today’s threats, but they also add strategic value for the future threats heading our way.
One step at a time
Whilst integrating a Zero Trust segmentation solution may seem like a gigantic undertaking, the process can easily be broken down into incremental, manageable tasks. Starting with the most important assets, from which the business can scale up the implementation of segmentation across the entire enterprise.
However, before pressing the go button on segmentation, the key to any security strategy is to first establish visibility into the entire network, bearing in mind you can’t protect what you can’t see. A Zero Trust model facilitates this by changing the architectural approach to one of least privilege, helping teams to map out their assets and network flows and only allow access to those who need it. Having full visibility into everything on the network results in simplifying the processes that contribute to the complexities of the data centre, which will not only support imminent changes to security but will also prove valuable when businesses add new cloud capabilities to their existing systems, or when new, unknown threats appear on the horizon.
Once visibility is achieved, organisations can move onto implementing Zero Trust segmentation – permitting access to the new segments within the data centres and connected cloud platforms based on the aforementioned least privilege approach to further reduce the reach of an attack. This doesn’t need to all be done at once for the organisation to reap the rewards and better secure its data centre. Teams can start with segmenting what they deem the most critical assets first, and then working through the rest in order of priority.
Nevertheless, throughout this process teams must balance the needs of security with business operations. If organisations grant employees unlimited access, then they gift the same privilege to cybercriminals. However, making the permissions too restrictive could cause productivity to suffer. Having true visibility into everything on the network from the beginning means any new Zero Trust segmentation policies are continuously monitored in order to straighten out any kinks in the system, which helps security teams strike the appropriate balance between security and productivity. What’s more, segmentation can fit within any environment, with the ability to reverse decisions if something doesn’t work.
What’s in store for data centres?
In a cyber landscape where it is virtually impossible to predict the next attack, and even more impossible to completely avoid it, data centres must prepare all elements of their infrastructure. The next stage of data centre security is blocking the attacks directly in front of us, but also the ones that come next. The mechanisms we use now to stop ransomware could be equally effective against future threats.
Ultimately, a Zero Trust segmentation solution is key to strengthening the defences within the data centre environment and reducing the attack surface. Creating a series of locked doors, each paired with a different key, makes it much harder for attackers to move laterally through the network if they’re skilled enough to breach the perimeter. Criminals are drawn to low hanging fruit and quick wins, so by making it harder for them to reach their goal, data centres can decrease the size of the target on their back.