Cyber threats are the #1 security risk to governmental organizations and business enterprises, and they are only getting worse. Yet today’s prevailing cyber security strategy is insufficient for dealing with those threats, because it misses one of the most important elements in the technology stack. Cyber security has largely been focused on the top layers of the IT stack – on applications software, operating systems, and compute/store/networking devices. There aren’t many of us focused on cyber security in the data center, at the foundation of the IT stack.
In this second part of a three-part series written for the enterprise CSO, we’ll explore the role the data center plays in cyber security and why Data Center 1.0 is unequipped to deal with those threats. This post follows on one from a couple of weeks ago, when we explored what cyber threats are and why they’re growing.
The role of the data center
If we want to be able to deal with the kinds of cyber security threats I talked about in my last post, it’s important to drill down and better understand the IT stack today – what it includes and how it interacts with the data that is growing at exponential rates around us.
1. The applications infrastructure layer: This is the layer of the IT stack where user data resource requests are sourced and queued, managed, cached, and processed. It is made up of individual bots and applications, operating systems, and virtualization platform services. These software components are growing very fast, and they’re always on. They demand energy through the use of the enterprise infrastructure layer.
2. The enterprise infrastructure layers: This is where hardware – CPUs, storage, and network devices – resides. That hardware processes, stores, and transmits digital work – namely, bytes and bits, which are increasing exponentially. There are multiple vectors for this data growth, including the volume of data; the rate of data growth; and the variety of types of data, both structured and unstructured. Each vector poses its own challenges to the enterprise infrastructure layer.
3. The data center infrastructure layer: At the foundation of the IT stack is the data center, which connects end users to their data and the applications that run it. Data center infrastructure includes power distribution, energy recovery, environmental, and IT network interfaces. It is governed by two distinct attributes: it is always on (as required by service level agreements between the data center operator and the end user); and its quality must be uninterrupted, clean, and secure. When run by a true data center operating system (IO.OS), delivery is matched in real time to the needs of the application and enterprise infrastructure layers.
Quite simply, the data center is the foundation of the IT stack in our digital world.
Why Data Center 1.0 is unequipped to deal with growing cyber threats
For the traditional raised-floor data center, not governed by a data center operating system – this is what we call Data Center 1.0 – there are serious gaps in security. Data Center 1.0 builds have been opaque, capital draining, and largely hidden from the world of CSOs. These data centers are filled with aging infrastructure of varying design that do not lend themselves easily to protection. Malicious actors can penetrate them at relatively low cost.
These gaps in security are widening every day as innovation at the software and hardware layers of the IT stack surges forward, creating more vulnerability within a data center infrastructure that has not innovated apace. If you break the foundation, the stack falls.
That’s what happened in June 2012 when a powerful storm knocked out an entire data center – and with it, cloud-computing operations for customers like Netflix and Instagram. But natural disasters are just one threat vector…increasing criminal and other threat activity targeted at high-value, critical infrastructure, including data centers, is a clear and present danger.
So as technology and threats grow in our increasingly interconnected world, we need a new, bottom-up strategy and a set of capabilities to integrate and optimize the security in our data centers. We call this strategy Data Center 2.0. Stay tuned for the final installment in our three-part Data Center 2.0 & Cyber Security series, where we’ll explore how Data Center 2.0 is the only way to ensure data security into the future.