Tasked with tightening up your facility’s cyber defences? Mathivanan V, director of product management at ManageEngine, offers five key pieces of advice for data centre managers.
Cyber-attacks are a persistent threat to UK businesses, according to the Cyber Security Breaches Survey 2019 commissioned by the Department for Digital, Culture, Media and Sport.
While fewer businesses have identified breaches or attacks than before, the ones that have identified them are typically experiencing more of them. These are consistent trends since the 2017 survey.
Around a third (32%) of businesses report having cybersecurity breaches or attacks in the last 12 months. As in previous years, this is much higher specifically among medium businesses (60%) and large businesses (61%).
In monetary terms, the same report estimates the average annual cost at over £4,000 for businesses that lost assets or data after breaches. Can you imagine how much this could mean to data centres which are attacked?
To mitigate these threats, data centres need to have robust security policies in place, improve their cyber-resilience and implement stronger security measures to ensure their customers’ data is secure.
Data centres collect and store massive volumes of data from multiple sources, which makes them an attractive target for cybercriminals.
Cybercriminals use a range of methods to steal data or take servers offline: DDoS attacks, web application attacks such as SQL injection and cross-site scripting (XSS), disruption of access to DNS servers or poisoning of DNS caches in a data centre, preventing users from accessing vital services, brute-force attacks that exploit weak passwords, and SSL-induced security vulnerabilities.
Given these threats to the data centre network infrastructure, here are some best practices to help defend against cybercriminals:
Monitor the firewall
IT admins need to regularly monitor and analyse their firewall’s syslogs and configurations and optimise its performance to protect the network. Efficient syslog analysis can help identify security threats in real time and effective policy management can help prevent DNS spoofing, DDoS attacks and web application attacks.
Don’t stop monitoring at the firewall
To gain insights into potential threats and stop them before they turn into an attack, IT admins also need to look into other log-generating devices in the network, such as routers, switches, IDSs and IPSs, application servers, databases and web servers.
It is critical to correlate and analyse logs from all these sources to find security events of interest, such as user access, unusual activities, user behaviour anomalies, policy violations, internal threats, external attacks and data theft. A thorough analysis will help in preventing security attacks.
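One way to correlate two of these log sources, added here as an illustration and not taken from any ManageEngine product: it flags source IPs with repeated SSH login failures and checks whether the firewall dropped traffic from the same address around the same time. The log lines are constructed, and the log formats, the year, the five-minute window and the three-failure threshold are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (documentation-range IPs, hypothetical hosts fw01/app01).
SAMPLE_LOGS = """\
Mar 12 10:00:01 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=3306
Mar 12 10:00:05 app01 sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar 12 10:00:09 app01 sshd[811]: Failed password for admin from 203.0.113.7 port 50130 ssh2
Mar 12 10:00:14 app01 sshd[811]: Failed password for invalid user test from 203.0.113.7 port 50141 ssh2
Mar 12 10:01:30 app01 sshd[902]: Failed password for alice from 198.51.100.20 port 40022 ssh2
Mar 12 10:02:00 app01 sshd[902]: Accepted password for alice from 198.51.100.20 port 40030 ssh2
Mar 12 10:30:00 fw01 kernel: DROP IN=eth0 SRC=192.0.2.44 DST=10.0.0.5 PROTO=TCP DPT=23
"""

# Assumed formats: an iptables-style DROP line and OpenSSH "Failed password" lines.
PATTERNS = {
    "fw_drop": re.compile(r"kernel: DROP .*?SRC=(\S+)"),
    "auth_fail": re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+)"),
}

def parse(text, year=2019):
    """Yield (timestamp, event_type, source_ip) for each recognised line.
    Classic syslog timestamps omit the year, so it is supplied as an assumption."""
    for line in text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
                yield ts, kind, m.group(1)

def correlate(text, window=timedelta(minutes=5), min_fails=3):
    """Return {ip: details} for IPs with min_fails login failures inside one window,
    noting whether the firewall also dropped traffic from that IP close to the burst."""
    by_ip = defaultdict(list)
    for ts, kind, ip in parse(text):
        by_ip[ip].append((ts, kind))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        fails = [ts for ts, kind in events if kind == "auth_fail"]
        for i in range(len(fails) - min_fails + 1):
            first, last = fails[i], fails[i + min_fails - 1]
            if last - first <= window:
                near = any(k == "fw_drop" and first - window <= t <= last + window
                           for t, k in events)
                alerts[ip] = {"auth_failures": len(fails), "firewall_drops_nearby": near}
                break
    return alerts
```

Calling `correlate(SAMPLE_LOGS)` flags only the address that appears in both the SSH failures and the firewall drops; the single mistyped password and the isolated firewall drop are not reported.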
Keep an eye on configuration changes
The key to efficient network management is using an end-to-end change management tool to track and record all configuration changes made to network devices. Apart from this, security admins also need an alerting system that notifies them of all configuration changes in real time.
Encrypt and inspect your data traffic
Huge volumes of data travel between data centres, and to protect this data from being intercepted, security admins need to use strong data encryption and inspect outbound SSL traffic from internal users, as well as inbound SSL traffic to corporate servers, to identify any suspicious traffic.
A combination of encryption and monitoring can save data centres from attacks exploiting SSL-induced security blind spots.
Set up stringent authentication control
Deploying a secure, centralised vault for password storage and access plays a key role in eliminating password fatigue and security lapses.
Automating frequent password changes and generating real-time alerts on password access helps keep brute-force attacks in check.
Finally, conducting regular security audits and running regulatory compliance reports to identify and correct security vulnerabilities plays a key role in keeping data centres secure from attacks.
As the cyber threat intensifies globally, top-of-the-line defences will become a bigger expectation for businesses when it comes to storing their data.
As cyber threats become increasingly advanced, data centres must ensure they are meeting that demand with best practice defence strategies.