As if their jobs were not challenging enough already, data center teams are being faced with a new test — protecting edge computing infrastructure from cyberattacks.
Why is this happening? Because as of 2019, cybersecurity is not just a single battle or even an all-out war. For those with edge assets to protect, it is a constant low-level conflict where all infrastructures, systems, and networks themselves are constantly probed for weaknesses. Criminals and bad actors never sleep. Vigilance is vital.
To address this complicated task, start with a strategic cybersecurity plan that addresses both internal and external factors to prevent and mitigate cybersecurity attacks. Naturally, the plan will take into account internal policies, but it must also consider how chosen providers will ensure a safe environment which matches the organization’s security profile.
Understanding Edge Data Center Protection Cloudscapes
Data center profiles are quickly evolving. Protection requirements have expanded beyond the core as edge computing adoption and the number of network nodes continues to grow. These shifts are changing the type of vigilance required.
With data center assets now geographically disbursed, edge network end points make it impractical to attempt to replicate an on-premise ‘cybersecurity’ approach at every location. In distributed environments, the cybersecurity software that manages and monitors the infrastructure will sit on cloud platforms.
This presents several new challenges for data center managers that retain responsibility for the security of distributed assets. This group has experience in dealing with third-party developed cybersecurity solutions deployed on-premise and optimized for particular environments. Yet, being a cautious bunch, data center managers tend to get nervous when information about the status of their facilities resides outside their data center. So, the suggestion that they should use cloud-based cybersecurity platforms to monitor and protect distributed, mission-critical assets can often sit uncomfortably with their command and control, safety-first culture.
It is also clear that when it comes to cloud-managed distributed infrastructure and cybersecurity, many internal considerations are sector-specific with different concerns for different types of customer environments. Healthcare, retail, or manufacturing companies have domain-specific needs while common issues also need to be addressed across all sectors.
Cloud Hosted Cybersecurity – Internal Best Practices
Operations teams know that robust cybersecurity is built on policy, process, and people. What may be less obvious is that these become even more important when implementing cloud-hosted solutions. Getting the most from cloud cybersecurity platforms requires new user behaviors. For operators, this means facing up to a few key questions around compliance, access control, data transport, data location, and data privacy.
Data center operators using cloud-hosted cybersecurity solutions should consider:
- Security policies have been adapted for the cloud
- Multi-factor authentication is always used
- All security patches are current
- Data privacy and GDPR compliance responsibilities have been fully met (remember: compliance is a legal requirement, not a reason for lack of vigilance)
- Third-party penetrating testing are run regularly
- Inbound and outbound systems are monitored
- A DevSecOps approach is embraced internally and by your cloud provider
Best Practices for Cloud-based Protection of Edge Data Centers
The number of attacks for financial gain or malicious intent will continue to rise. This means due diligence when choosing your cloud platform partner has never been more important. As the number of services and critical applications grow at the edge, meta data that describes the condition of your edge data centers becomes ever more valuable. Ensuring that cloud-based cybersecurity of edge data center assets offer the appropriate protection cannot be left to chance.
To maximize protection, responsible data center teams should not only follow the seven points listed above, but also consider how a chosen supplier approaches cybersecurity. Cloud-based monitoring and management platforms should have cybersecurity baked in at every level from the code to the coders. For example, platforms should be constantly scanned for vulnerabilities with third-party security tools while all development work that involves changes to source code should be continuously scanned for bugs, security, and license issues through static analysis tools.
On the human side, software developers should attend mandatory security training —– and be encouraged to become a Certified Secure Software Lifecycle Professional (CSSLP). In both development and operations, any changes should be subject to a mandatory peer-level oversight. Code and infrastructure changes should be reviewed by at least one other engineer to validate code quality, security, and performance.
Protecting Mission Critical Data Centers from End-to-End
With the rise of edge data centers and increase in cloud-based computing, companies are facing new challenges in end-to-end cybersecurity. To ensure proper protection, data center teams must now carefully assess both internal processes and the strategies used by cloud suppliers. For Schneider Electric, cybersecurity is mission critical, and that is why our cloud-based DCIM platform incorporates best practices to ensure cybersecurity protection. Working with the right partners ensures that your own cybersecurity strategy will be focused on what matters most: increasing visibility, improving resiliency, and protecting data centers from the core to the edge.