Cyber-resilient data centres: Evolving threats and solutions to contain them

Michael Paye, VP of Research and Development, Netwrix, says securing a modern data centre involves significantly higher stakes and complexity than organisations have faced before.

The world is seeing an unprecedented boom in data centre construction, due to factors like increased reliance on cloud computing and especially the rise of Generative AI. These data centres store, process and manage the vast amounts of data that power essential business processes, from product development and client transactions to financial planning and compliance reporting.

Accordingly, organisations need their data centres to operate reliably and without interruption. Suppose a DDoS attack overwhelmed an organisational data centre’s network, rendering many of its hosted websites and applications useless. Now imagine if a ransomware attack locked down the data centre of a major cloud service provider that an organisation relies upon, or if an edge data centre supporting smart grid operations suddenly lost connectivity. The consequences of any of these scenarios could be devastating.

Evolving threat landscape

The core technologies used to power data centres are not new, so adversaries have no need to invent entirely new attack vectors to compromise them. Whether they’re targeting a small business or a massive data centre, attackers can still rely on tried-and-true exploits, like human errors and misconfiguration. The key difference with modern data centres lies in the significantly higher stakes of a breach, because of the massive volumes of data that they now host.

The revolutionary AI technology fuelling additional data centre expansion is simultaneously supercharging the cyberattacks on those same data centres. Malicious actors are now harnessing AI to enhance the potency of ransomware and DDoS attacks, as well as to craft highly personalised phishing and social engineering attacks with unprecedented customisation, precision and sophistication. 

Defenders are seizing the power of AI as well, rapidly building an arsenal of AI-powered solutions to proactively safeguard data and ensure prompt threat detection and response. However, data centres face a dual challenge: as they adopt AI tools to strengthen cybersecurity, they must create policies and processes to ringfence those systems in order to keep both internal and outside threat actors from manipulating them. If security leaders of an organisation haven’t yet begun to address this side of AI security, they should start considering it as soon as possible.

Active threats today

Human vulnerability remains the most significant threat to data centre security. Despite advanced technological defences, employees, contractors and other IT users remain susceptible to manipulation. Indeed, many unwittingly divulge passwords and sensitive information in response to phishing and social media campaigns. 

In addition, data centres are prime targets for ransomware attacks, since they face immense pressure to restore operations as swiftly as possible.

Insider threats are another significant risk to data centres, including both malicious actors within the organisation and well-intentioned employees who make unintentional errors. 

Building a resilient security architecture

Given the critical nature of data centre processes and the potentially drastic consequences of interruptions, resiliency must be woven into the fabric of all architectural designs. Some key components of a resilient design include:

  • Layered security: A multilayered security strategy involves implementing multiple controls at different levels to protect digital assets. This defence-in-depth approach helps ensure that even if one layer is breached, others remain in place to provide protection.
  • A proven security framework: By adopting an established framework like the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF 2.0) or ISO/IEC 27001, leadership teams can better evaluate risks, balance them against resolution costs and determine the most practical path to a defensible position.
  • Risk assessment and testing: Conducting regular risk assessments helps organisations identify vulnerabilities and mitigate them before malicious actors exploit them. Regular testing, such as penetration tests, reveals whether current tools and strategies will perform effectively when needed and guides improvement strategy.

Tools and technologies

A robust, multilayered security strategy should integrate both digital and physical security measures, including firewalls and advanced access controls. It’s also important to ensure that security tools are effective across the environment, whether it’s on-premises, in the cloud or hybrid, and that they work together to ensure seamless integration and co-ordination.

Security tools for threat detection and response also need to provide effective behaviour analysis to baseline normal user routines, network traffic and other activity. Using that information, they can more accurately identify anomalies that could indicate a threat in progress and alert security teams, reducing response time and minimising damage.
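As an added illustration of the baselining described above (example code, not from the article or any Netwrix product), the snippet below learns each user's normal login hours, source hosts and outbound volume from a window of constructed access-log lines, then flags later events that fall outside that baseline. Field names, users and hosts are assumptions; a production baseline would be built over weeks of data, not four events.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines: "timestamp user src_host bytes_out"
BASELINE_LOG = """\
2024-03-04T09:12:00 alice ws-alice 1200
2024-03-04T10:30:00 alice ws-alice 900
2024-03-05T08:55:00 alice ws-alice 1500
2024-03-05T17:10:00 alice ws-alice 1100
2024-03-04T09:00:00 bob ws-bob 3000
2024-03-05T09:05:00 bob ws-bob 2800
"""

NEW_LOG = """\
2024-03-06T09:20:00 alice ws-alice 1300
2024-03-06T03:14:00 alice ws-alice 1000
2024-03-06T10:00:00 alice jump-01 1200
2024-03-06T09:10:00 bob ws-bob 480000
"""

def parse(log):
    """Turn raw lines into (timestamp, user, host, bytes_out) tuples."""
    events = []
    for line in log.splitlines():
        ts, user, host, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), user, host, int(nbytes)))
    return events

def build_baseline(events):
    """Per-user profile: hours of day seen, source hosts seen, largest bytes_out."""
    profile = defaultdict(lambda: {"hours": set(), "hosts": set(), "max_bytes": 0})
    for ts, user, host, nbytes in events:
        p = profile[user]
        p["hours"].add(ts.hour)
        p["hosts"].add(host)
        p["max_bytes"] = max(p["max_bytes"], nbytes)
    return profile

def find_anomalies(profile, events, byte_factor=10):
    """Return (timestamp, user, reason) for each deviation from the user's baseline."""
    findings = []
    for ts, user, host, nbytes in events:
        p = profile.get(user)
        if p is None:
            findings.append((ts.isoformat(), user, "unknown user"))
            continue
        if ts.hour not in p["hours"]:
            findings.append((ts.isoformat(), user, f"unusual hour {ts.hour:02d}"))
        if host not in p["hosts"]:
            findings.append((ts.isoformat(), user, f"new source host {host}"))
        if nbytes > byte_factor * p["max_bytes"]:
            findings.append((ts.isoformat(), user, f"bytes_out {nbytes} far above baseline"))
    return findings
```

Run against the constructed data it reports three findings: alice active at 03:14, alice connecting from an unseen host, and bob sending roughly 160 times his usual volume.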

Addressing the human element

Building a strong defence starts with training the team. Your employees, contractors and other IT users are the first line of defence against cyberattacks, so they must be equipped to recognise and respond effectively to phishing attempts, deepfake vishing and anything else that seems off. An alert and knowledgeable workforce can often detect threats and prevent security breaches before automated systems can.

To defend against both compromised employee accounts and malicious insiders, it’s essential to enforce the principle of least privilege, which requires that each user be granted only the minimum permissions necessary to perform their job functions. Because the accounts of administrators and other users with elevated access rights pose the most risk, many organisations are implementing advanced privileged access management (PAM) solutions that replace standing privileged accounts with just-in-time accounts that grant a user exactly the permissions required for a particular task.

These temporary accounts are automatically deleted upon task completion. This approach dramatically reduces the attack surface area by minimising the opportunity for adversaries to compromise highly privileged accounts.
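As an added example of the just-in-time model described in the two paragraphs above (illustrative code, not a Netwrix or any vendor's implementation), the broker below issues a grant scoped to one task's permissions with an expiry, checks each privileged action against that grant, and deletes the grant when the task completes or the time runs out. The task catalogue, permission strings and user names are assumptions.

```python
import secrets
import time
from dataclasses import dataclass, field

@dataclass
class Grant:
    user: str
    task: str
    permissions: frozenset
    expires_at: float                      # epoch seconds
    grant_id: str = field(default_factory=lambda: secrets.token_hex(8))

class JitBroker:
    """Replaces standing admin accounts with task-scoped, time-limited grants."""
    # Hypothetical catalogue: the only permissions each task may ever receive.
    TASK_PERMISSIONS = {
        "rotate-db-cert": frozenset({"db:read-config", "db:write-cert", "db:restart"}),
        "patch-hypervisor": frozenset({"hv:read", "hv:patch", "hv:reboot"}),
    }

    def __init__(self):
        self.active = {}       # grant_id -> Grant; empty means nobody holds privilege
        self.audit = []        # append-only record of every grant, decision and revoke

    def request(self, user, task, ttl_seconds, now=None):
        now = time.time() if now is None else now
        perms = self.TASK_PERMISSIONS.get(task)
        if perms is None:
            raise ValueError(f"unknown task {task!r}")
        g = Grant(user, task, perms, now + ttl_seconds)
        self.active[g.grant_id] = g
        self.audit.append(("grant", user, task, g.grant_id))
        return g

    def authorize(self, grant_id, permission, now=None):
        now = time.time() if now is None else now
        g = self.active.get(grant_id)
        if g is None or now >= g.expires_at:
            self.active.pop(grant_id, None)    # expired grants are removed on first touch
            self.audit.append(("deny", grant_id, permission, "no live grant"))
            return False
        ok = permission in g.permissions       # task scope, not a global admin role
        self.audit.append(("allow" if ok else "deny", g.user, g.task, permission))
        return ok

    def complete(self, grant_id):
        """Task finished: delete the temporary grant rather than leave it standing."""
        g = self.active.pop(grant_id, None)
        if g is not None:
            self.audit.append(("revoke", g.user, g.task, grant_id))
        return g is not None
```

The audit list is what a detection team would feed into the behaviour baselining described earlier: a grant that is never completed, or a denied action outside task scope, is itself a signal.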

Consider third-party expertise

A key challenge in responding effectively to the growing threat landscape is the global shortage of skilled cybersecurity professionals. Many organisations are turning to AI-enabled solutions as a partial remedy. Of course, it’s important not to depend on technology alone to fill the gap. Consider third parties such as MSSPs, whose cybersecurity professionals bring wide experience and can readily identify weaknesses in your armour.

Conclusion

Securing a modern data centre involves significantly higher stakes and complexity than organisations have faced before. The scale and importance of data centre security can be likened to the difference between safeguarding a local sports event and securing a global spectacle like the Super Bowl or World Cup. The good news is that an effective cybersecurity strategy is still grounded in fundamentals like the principle of least privilege and user awareness training.

Intelligent Data Centres

View Magazine Archive