INSIDER INSIGHTS: Protecting data centers from internal and external threats
Securing the data center is one of the most important challenges facing CSOs today.
On the one hand, users want to be able to access information stored at the data center any time and from any device. On the other hand, you want to restrict access to clearly defined data, applications, roles and devices. Added to the mix is that, for many managed service providers and enterprise data centers, users, devices, roles and where and how that data is stored changes on a regular basis. Trying to balance security versus access isn't a new imperative. But it is becoming more complex.
"Data centers by their very nature require far-reaching yet integrated security," says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand's largest distributor of Fortinet's cyber security solutions. "The more people that require access to the data and applications hosted within your data center – users, clients, guests and internal staff – the more opportunities there are for any of these roles to unintentionally become a vector for malware, advanced persistent threats or intrusion. And once behind the gateway, these potentially harmful events have to be isolated and mitigated. Network protection has to move outward by allowing only secured devices from accessing the network and inward by internally segmenting data and applications to reduce any unauthorised 'east-west' traffic."
Take a big-picture view
Today's data center operations are fluid and mobile. People use smartphones, tablets, desktops or laptops at any time to access hosted networks and data. Add to that the number of applications, which may or may not be secure, on each of those devices. Then factor in the number of partners and vendors with whom they share data, each adding potential vulnerabilities from unsecured devices and applications. To tackle these issues, data centers need total transparency across the entire network to view and detect threats and abnormalities in the flow of information.
Develop user-profile security policies
Hundreds of users, devices and applications require hundreds of security profiles at the granular level. A secure data center has to account for all potential users: who they are, where they are physically located, what devices are they using to access the network and what applications they need to access. It's hard enough if your data center serves only your organisation. The challenges are multiplied for managed service providers with multiple clients.
Create trust zones
Policy and enforcement go hand-in-hand. With internal segmentation and policies associated with each segment, you can create discrete secure areas for authorised access and interactions. These segments are protected by internal firewalls, each enforcing the associated security policy and deploying a range of advanced security services to detect and protect against threats and hackers. Deploying these internal segmentation firewalls provides visibility into internal network traffic which can be used to enhance zero day attack mitigation and overall security posture.
A security fabric
To protect against internal and external threats you need a fully-integrated security fabric that provides total visibility across the network, supports internally-segmented trust zones and the ability to deploy individualised security policy for each and every user/device combination.
"This is exactly what Fortinet has developed with their Secure Access Architecture (SAA)," says Khan. "With the FortiOS 5.4 secure operating system, a full range of powerful FortiGate next generation internal segmentation firewalls, FortiAnalyzer and FortiManager to create and deploy multiple policies across the entire network and a host of other security solutions, all designed from the ground up to be interoperable, protecting your data center from threats both internal and external can be achieved from a single vendor and managed from a single dashboard.
"Fortinet's SAA can work alongside your current security infrastructure," concludes Khan, "so you can add Fortinet's enhanced protection as a staged implementation. Indeed, transitioning security landscapes from heterogeneous point solutions to a fully-integrated security fabric is becoming the de facto standard for more and more data center implementations. If you are looking to expand and enhance your security profile to address multiple polices and segments within your data center, give us a call. It's a specialty for Fortinet and one which is rapidly gaining acceptance for enterprise data centers across all vertical markets.
For further information, please contact:
Andrew Khan, Senior Business Manager Email: andrew.khan@ingrammicro.com M: 021 819 793
David Hills, Solutions Architect Email: david.hills@ingrammicro.com M: 021 245 0437
Hugo Hutchinson, Business Development Manager Email: hugo.hutchinson@ingrammicro.com P: 09-414-0261 | M: 021-245-8276
Marc Brunzel, Business Development Manager Email: marc.brunzel@ingrammicro.com M: 021 241 6946