Data centre cybersecurity actions that most people overlook
FYI, this story is more than a year old
Article by Schneider Electric Innovation and Data Center vice president Steven Carlini
It’s been well publicised that Microsoft fends off more than 7 trillion cyberthreats per day, and allocates over $1 billion each year to cybersecurity for its cloud data centres.
While your data centre may not see “trillions” of cyberthreats per day (and you may not spend in the “billions” to protect your company’s data), I bet that you have a comprehensive plan in place for the protection of your digital data from theft or corruption.
Signs of effective data centre cybersecurity
Effective data centre cybersecurity practices include: Encrypted devices, firewalls, IDS/IPS, SIEM’s, SOC’s, stringent physical security, with documented procedures and clearly-defined business protocols.
If you consider cybersecurity a priority, you may have secured the main entry point (core), put your IT systems into “clusters” and redundantly protect those, and hard connected IT devices through physical communications cables.
Cybersecure-conscious companies integrate executive oversight to their c-suite team and add a new role of chief security officer. Rigorous audits are common and important compliance standards could include, but are not limited to:
- NIST 800-53 PE and FISMA
- SSAE-18 (SOC 1)/ISAE 3402
- PCI DSS
Cybersecurity threats: Learn from these real-life examples
With these types of measures in place, companies are most likely confident in fending off cyberattacks. But history has shown that no fortress is impenetrable and a common theme is woven into the most famous and costly breaches.
In military terms it is called a flanking manoeuvre, which is an attack on the sides or rear of an opposing force. Flanking is useful because an army’s power is typically concentrated in its front – as is cybersecurity.
Let’s look at a couple of high-profile flanking breaches:
Uber – Uber CEO Dara Khosrowshahi said two hackers stole the personal data of 57 million Uber users, including phone numbers, email addresses, and names, and the driver’s licence numbers of 600,000 Uber drivers in 2016.
The hackers got in through Uber’s GitHub account, a site its engineers use to code applications and track projects. There, hackers found the username and password to access Uber user data. GitHub is an engineering development site – not associated with any customer or driver accounts. However, it resides on the same network.
Target – In 2013, attackers first broke into the retailer’s network by using network credentials stolen from Fazio Mechanical Services, a Sharpsburg, Pennsylvania based provider of refrigeration and HVAC systems, according to USA Today.
Personally Identifiable Information (PII) of 70 million customers was compromised, including names, addresses, email addresses, and telephone numbers. Target’s CIO resigned in March 2014, and its CEO resigned in May of the same year. The company estimated the cost of the breach at $162 million.
Cooling system vendors need to be able to remotely access systems to conduct maintenance or to troubleshoot glitches and connectivity issues with the software.
This is mainly for cost savings, versus dispatching service personnel to the site. It’s clear why Target gave an HVAC company external network access, but company leaders obviously had no idea it could be used to access Target’s payment system network.
Ukraine Power Grid – A successful cyberattack on a power grid was carried out in December 2015.
Hackers successfully compromised the information systems of three energy distribution companies in Ukraine to temporarily disrupt electricity supply from 30 substations, leaving 230,000 people without electricity for a period from 1-to-6 hours.
Energy companies use SCADA (Supervisory Control and Data Acquisition) systems where the hackers were able to remotely switch off substations by hijacking unprotected networks through which uninterruptible power supplies were communicating.
Securing your greater digital ecosystem
As you can see it’s necessary to think about your entire digital ecosystem with a wide view that sees beyond the boundaries of your IT room.
In the data centre, most of the focus has been on defending the core where all the servers and storage are located. But cybercriminals are looking at where they can flank your position, as shown by the cyberattack cases.
It’s time to look at cyber protection from all perspectives and all domains of the data centre. Data centre are sometimes conceived, designed, constructed, and managed in three domains – IT Room, Power, and Building (cooling).
Protecting your digital vulnerabilities from cybersecurity attacks
Knowing where your systems are vulnerable is the key to protecting them.
As we have seen from the examples, once cybercriminals get inside your firewalls, they can navigate their way to customer data or even shut down your business functions or power.
These peripheral areas and components are not your core competency – the IT room is. This is precisely where Schneider Electric can help.
Schneider can provide a comprehensive assessment and analysis to reveal the gaps between where you are now and worry-free protection.
We can deliver a clear roadmap and action plan, which designates the right people, processes, and technologies to bridge the gaps in your data centre and minimise the possibility of a cybersecurity flank attack.