Back to Blogs
Blog Img

Growing Gaps in Data Centre Security (and What to do About Them)

If you were looking for some kind of popular culture metaphor to describe the trials and tribulations of cybersecurity, you could do worse than turn to the Star Wars franchise.

While digital technology is undoubtedly a Force for good in our modern world, there is equally no doubt that it has its Dark Side, too. The more digital tech evolves, the more powerful it gets, the more it also fuels the ambitions of the cybercriminals and hostile actors who wish to use it for ill.

Locked in a seemingly eternal struggle for supremacy between good and evil, the further down the digital road we go, the more the threat from cybercrime grows. And so we look to cybersecurity as our only hope.

As the beating heart of the cloud-based architectures that now dominate IT, data centres find themselves right on the front line of this galactic battle. Data centre infrastructure and technology continues to evolve at warp speed.

But as it does so, the protections offered by existing cybersecurity protocols get stretched. Gaps open up that rogue digital actors seem able to pounce upon at will. The result is that data centre security is in a constant state of flux, continuously trying to anticipate how the next leap forward might leave it vulnerable before the hackers do.

Why the threats keep growing

There are a number of reasons why rapid progress in data centre technology creates gaps in cybersecurity defences like this. One is that the landscape for potential attacks just gets bigger and bigger.

We’re connecting more and more devices all the time. We’re pushing more and more compute capabilities out of the data centre to the network edge to achieve better processing speeds, lower latency and bandwidth relief. But to use another analogy, that’s like taking the garrison out of a big secure castle, splitting it up and scattering it to dozens of smaller forts way out in the hinterland. The potential targets for attack multiply many times over.

We’re also operating in a much more complex, communal digital ecosystem these days. Everything is open source, SaaS, outsourced. The average company now uses an astonishing 80 different SaaS applications. That’s a lot of data and functionality being trusted to third parties.

When you rely on so many partnerships, you simply cannot throw a company firewall around your IT infrastructure the way you could when everything was run on premise or via an all-encompassing private cloud. You put your trust in a lot of different people. And inevitably someone, somewhere leaves a tiny little chink that can end up being exploited.

The race for zero trust

That is why one of the biggest trends in cybersecurity is so-called zero trust - a model that accepts that the traditional network edge, like the safe mediaeval castle from times of yore, is a thing of the past.

Designed for distributed IT architectures, remote working and complex collaborative ecosystems, zero trust makes authentication and authorisation a first principle of system access. You cannot get past the encryption controls without proving who you are and may be challenged for revalidation at any time. It’s the digital equivalent of being asked to prove your identity every time to step onto the street (and every street thereafter).

But in data centres, imposing zero trust security systems on legacy technology stacks that were not designed for them is a highly challenging task. To put it in simple terms, it’s complex and it costs a lot of money. So there is a big lag in data centres catching up with what is emerging as the gold standard for distributed authentication control. And that leaves data centres vulnerable.

Tech-based solutions will emerge and are already emerging. Nvidia, for example, is putting programmable security at the heart of its new generation of ‘data centre infrastructure-on-a- chip’ DPU solutions. Nvidia’s latest DPU’s support VMware’s Project Monterey, a re-engineering of its flagship hybrid cloud platform designed to deliver zero trust security.

Changing the culture

There are also changes data centre operators can make at the level of operational procedures and culture to better bolster themselves against the expanding threat landscape.

Security strategies need to be holistic and end-to-end, based on a complete view of the broader ecosystem. So much of IT delivery is based on collaboration and complex supply chains these days, you can’t focus on one point or node in isolation, including the data centre. Cybersecurity needs to be a constant topic of conversation between partners, to ensure their approaches are aligned. Companies need to start demanding clear security performance metrics to get the guarantees they need.

As always, people matter just as much as technology. Countless threats stem from human error at all levels of organisations. Cybersecurity needs to be treated as a core skill requirement, with appropriate training given to all personnel and recruitment that prioritises cybersecurity expertise.

The clouds we operate in now and in the future are reaching galactic scales. And so the battle to secure them is reaching galactic proportions, too. Only by focusing resources collectively will the dark forces of cybercrime be kept at bay.