Managing Data Centre Security Data
Managing the heaps of security data generated in data
centres is a staggering task. This is made more difficult
by the fact that for comprehensive protection, enterprises
have to manage not just security data generated by security
devices like firewalls and IDS, but also data that is thrown
up by network events and changes in configuration status of
the data centre servers, network devices, storage devices,
and applications.
Today, enterprises deploy network management software to monitor
network events; change management software to log changes
and check those against how things are supposed to be configured;
and security event management (SEM/SIM) products to help filter
and make more sense of security events generated from firewalls,
IDS and other security devices.
But these solutions typically operate in isolated silos, making
it difficult to aggregate and transform the raw data into
actionable information. Enterprises have to collate both security
and management information through a single process, and centralize
the information on an integrated management console. Event
correlation technologies that are becoming common now would
enable the console to make intelligent decisions and take
proactive action to enforce security and compliance policies.
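The collation and correlation step described above, as an added illustration that is not part of the original article: three constructed feeds (firewall, IDS and change management, in hypothetical formats) are normalised onto one schema and correlated per host, so that an IDS alert shortly after an unapproved configuration change on the same server becomes a single actionable finding rather than two routine records in separate consoles.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records from three silos; formats are hypothetical, not any product's.
FIREWALL_LOG = [
    "2024-03-01T10:02:11 fw01 DENY src=203.0.113.7 dst=10.0.5.20 dport=22",
    "2024-03-01T10:03:40 fw01 ALLOW src=203.0.113.7 dst=10.0.5.20 dport=443",
]
IDS_LOG = ["2024-03-01T10:04:05 ids01 ALERT sig=web-shell-upload dst=10.0.5.20"]
CHANGE_LOG = [
    "2024-03-01T09:58:30 cm01 CHANGE host=10.0.5.20 item=sshd_config approved=no",
    "2024-03-01T09:40:00 cm01 CHANGE host=10.0.5.30 item=ntp.conf approved=yes",
]
KV = re.compile(r"(\w+)=(\S+)")

def normalize(line, source):
    """Map a raw line from any silo onto one common schema keyed by affected host."""
    ts, device, kind, rest = line.split(" ", 3)
    fields = dict(KV.findall(rest))
    return {"time": datetime.fromisoformat(ts), "source": source, "device": device,
            "kind": kind, "host": fields.get("dst") or fields.get("host"), "fields": fields}

def correlate(events, window=timedelta(minutes=15)):
    """Flag an IDS alert on a host that had an unapproved change within `window`
    before it. Either record alone is routine; together they are actionable."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    findings = []
    for host, evs in by_host.items():
        changes = [e for e in evs
                   if e["kind"] == "CHANGE" and e["fields"].get("approved") == "no"]
        for alert in (e for e in evs if e["kind"] == "ALERT"):
            for change in changes:
                gap = alert["time"] - change["time"]
                if timedelta(0) <= gap <= window:
                    findings.append({"host": host, "change": change["fields"]["item"],
                                     "signature": alert["fields"]["sig"],
                                     "gap_minutes": round(gap.total_seconds() / 60, 1)})
    return findings

def run():
    """Collate all three feeds through one process and return the correlated findings."""
    events = [normalize(l, "firewall") for l in FIREWALL_LOG]
    events += [normalize(l, "ids") for l in IDS_LOG]
    events += [normalize(l, "change") for l in CHANGE_LOG]
    return correlate(events)
```

The approved change on 10.0.5.30 and the ordinary firewall records on 10.0.5.20 produce nothing; only the unapproved sshd_config change followed by the IDS alert on the same host is surfaced.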
Dealing with the Internal Security Threats
In today's virtual enterprise model, boundaries have vanished
and the difference between outsiders and insiders has blurred.
In this environment, an effective risk management strategy
would entail positioning the data centre within a hub surrounded
by a control layer that enforces security policy and identity
and access management controls on everyone - employees, customers,
suppliers, and partners - before they access resources.
This strategy would be effective only if all access to the
data centre resources is marshalled through a controlled gateway.
However, a characteristic of today's enterprises is unfettered
connectivity that permits insiders to bypass centralized security
controls, for instance through rogue modems or wireless access
points. Therefore, focus on endpoint security controls is
also vital.
The technology controls should be supplemented with ongoing
enterprise-wide security programmes to foster compliance with
enterprise security policies and to protect insiders from
becoming gullible conduits for malicious outsiders through
social engineering attacks.
Patch Management and Virus Prevention
The manner in which an enterprise administers its patch
management, anti-virus, and spam control activities can have
a material impact on the integrity of its data centre's operating
performance. Technology solutions should be integrated with
people and process-related controls such as awareness programmes,
periodic vulnerability scanning, compliance testing, identification
and classification of information assets, putting in place
consistent policies and standards, and implementing an efficient
security intelligence gathering process.
Today, anti-virus technologies that depend on updated virus
signature files to be effective are largely obsolete, because
zero-day exploits increasingly strike before the signature
file can be updated. To overcome this limitation, next-generation
anti-virus technologies that integrate intrusion prevention
to counter unknown and zero-day attacks (such as McAfee VirusScan
8.0i) have emerged.
Enterprises should ensure that their patch management technologies
not only automate the patching process, but also permit patch
rollback, and work in heterogeneous environments (Windows,
Linux and Unix). In the new data centres, next-generation
patch management technologies will be required that perform
regular vulnerability and compliance scans to locate systems
where patches are needed, manage configuration policies,
and permit testing of the patches in a software-simulated
environment before applying them to the production systems
(a crucial requirement in data centres).
Identity Management
Identity Management (IM) is a business strategy involving
the entire enterprise, and senior management support is critical
to its success. Efficient management of IM requires a thorough
understanding of the enterprise's key business processes to
determine the critical applications, information assets and
transactions within the data center that are necessary to
support the processes. This would help define which users
need access to which resources in the data center and at what
level of security. Data center administrators can then establish
appropriate security policies and assign permissions and access
rights to users based on their role within or outside of the
enterprise.
Since every component of the data centre - servers, network
devices, storage devices, and applications - imposes its own
permissions and access controls, there would literally be hundreds
of mini-databases containing user account information scattered
around the enterprise. This makes security management a nightmare.
Therefore, efficient IM management requires the enterprise
to establish an enterprise directory - a centralized repository
of user account information, including certificates and keys,
which a number of different systems can access, enabling centralized
control of user accounts in the data centre.
The enterprise directory would enable Single-Sign-On (SSO)
technology to permit users to sign on and authenticate themselves
once, then access multiple resources in the local and remote
data centres without re-authenticating. The directory would
also lay the foundation for a Privilege Management Infrastructure
(PMI) that can facilitate very efficient authentication and
authorisation within the intranet and the extranet. Data centers
requiring high security must implement a PMI solution that
uses PKI and biometrics for authentication.
Use of grid computing and distributed services in the new
data centres requires establishing trust relationships among
decentralized security and policy domains. This is made possible
by Federation, which is the dominant trend in IM. For interoperability
and efficient management, enterprises should adopt standards-based
Federated ID initiatives like SAML.
Identity Management is in essence a business strategy, which
not only provides security but also enables key enterprise
business applications, like ERP, CRM, financial systems and
others. For efficient IM management, the enterprise must integrate
all data center applications into the IM solution. IM products
typically provide simple API-based integration capabilities
to permit this.