DataCenterNews Asia
Specialist data center news for Asia

Equinix: How to enforce security at the digital edge

By Julia Gabel
Tue 12 Sep 2017

Complexity has exploded across today’s enterprise IT infrastructures with businesses increasingly dependent on less understood and evolving technologies.

For example, the digital economy has increased the types and sources of digital requests from APIs, mobile apps, cloud and new customer and partner ecosystems. In particular, software-defined infrastructure, business APIs and digital services have brought tremendous power, capability and automation to the enterprise.

For hackers seeking ways to go beyond just breaching an enterprise’s firewall, these new programmable entries into the inner workings of the enterprise provide an irresistible target.

To mitigate the risks that more sophisticated technologies and hacking capabilities present, new security guard rails and a “trust nothing” model are needed to protect people and companies from internal mistakes or unsanctioned behavior from bad actors.

The perfect storm of risks

The emergence of sophisticated new threats in an increasingly complex and automated IT infrastructure environment presents a perfect storm for companies seeking to protect their data.

Comprehensive enforcement of security policies means implementing them in a way that cannot be circumvented under any circumstances. In an automated business environment, which makes policy enforcement decisions in real time, equally capable automated controls need to be in place to mitigate risk and protect security boundaries and employees from mistakes.

While an unlimited number of new security policies can be created, consistently enforcing them throughout the organization is not so easy—especially since much of the data and user activity to which firms need to apply those policies are outside of their security perimeter and not visible.

It may be known that incidents are occurring, but there is no broad enforcement capability (other than manual processes) to identify and stop them. Finally, you need to place your security policies and controls at the edge, close to where attacks are most likely to be initiated.

Not deploying basic event processing and monitoring to determine what policies you need can have severe ramifications. First, recovering from a devastating data breach consumes an inordinate amount of time, resources and money. Second, corporate compliance, governance and risk management are severely limited by a lack of controls.

And adopting a “this will never happen to me” attitude is a poor strategy. According to the Identity Theft Resource Center, as of August 16, 2017, the total number of U.S. breach incidents in multiple industries is 24% higher than at the same time last year, amounting to 917 data breaches recorded and nearly 17 million records exposed.

The strategy: Policy control at the digital edge

Policy enforcement decisions need to be made in real time to be effective. That, along with requirements for improved performance and scalability when applying these critical controls, is driving security policy monitoring and enforcement closer to the digital edge, where commerce, population centers and digital ecosystems meet.

There, security policy controls can be applied, adjusted and deployed in real time (or near-real time), proximate to the entities they are protecting, allowing you to more effectively and efficiently mitigate user errors and hacking attempts.

Many Equinix customers are solving policy control challenges by leveraging an Interconnection Oriented Architecture (IOA) strategy to place powerful and effective security policies and controls at their digital edge.

An IOA framework allows security policy enforcement to be deployed and applied in geographically distributed digital edge nodes (vendor-neutral “interconnection hubs”) for improving boundary controls and preventing mistakes or malicious actions within the inspection zone.

Local monitoring capabilities and automated event processing can detect and act upon a variety of security breaches (e.g., data access anomalies, attack trends) in real time, which would otherwise not be possible in a centralized data center.

By moving business traffic through digital edge nodes, you can distribute monitoring and control to every edge intersection point, tailoring the policies accordingly to reflect company strategy, industry compliance or regional regulations, and implement them in an automated way that cannot be circumvented.

Leveraging an IOA Security Blueprint for greater policy monitoring and enforcement

The IOA Security Blueprint teaches you how to deploy security policy administration and enforcement within edge nodes as described (see diagram below). With this strategy, you’re protected when a developer accidentally runs a test against a production database, or an employee trying to send a file link inadvertently sends a folder containing sensitive information.

These potential disasters can be arrested where they begin: with localized boundary control and packet inspection at the IT exchange point, you see everything and can enforce policies accordingly.

Security Policy Administration and Enforcement

The policy administration and enforcement design pattern diagram above shows how to architect edge-based policy enforcement that ensures all communication runs through the digital edge node and is therefore authorized, inspected and approved (or denied).

The steps are as follows:

  1. Determine which flows require what kinds of policies. In doing so, identify components in your security ecosystem that can be leveraged in your digital edge node. Colocate high-dependency services in the digital edge nodes, and scale as more nodes are deployed.
  2. Many solutions advocate a wire-speed appliance in the digital edge node as a policy enforcement point that is configured to be part of the data flow with backend calls to SaaS services that will act when triggered (see next point).
  3. Leverage a security SaaS service that maintains policies and registries of already prescribed and mature execution and remediation steps to draw upon and enrich your policies.
  4. Leverage policy event data as a source to analyze for greater insights into trends. Soft alarms can be used to track sanctioned shadow IT projects, enabling innovation rather than preventing it by design.
  5. Tailor the policies over time for the most effective security coverage.

Benefits: Assurance and performance

The benefits of a more closely monitored and enforced security architecture deployed at your digital edge cannot be overstated. Each edge node provides a consolidated point of control from which you can manage data flows between all parties. From this, you regain essential control of your business.

In addition:

  • Firm policies, such as cloud access and usage, can be followed and regularly updated.
  • Subscription security services provide an ecosystem (with lessons learned!) that has identified and fixed common mistakes so that they can be avoided.
  • IT and security teams gain the confidence to more readily support greater innovation, new business models and cloud use. For example, with all traffic within and between clouds traversing the security control point, you can stay ahead of dynamic changes by applying policies to the flow and not just to the endpoints.
  • Businesses can capitalize on lower latency advantages and implement more/deeper levels of security, governance and controls, which would have otherwise negatively impacted user experience or scale.

Article by Kelvin Cheung, Equinix Blog Network 
