Maintaining a stand-alone, isolated data center is becoming outdated. The advantages of tapping cloud resources to expand computing power and data storage are just too attractive, especially as organizations mine more data resources such as the Internet of Things and implement big data projects. Software as a service (SaaS) and infrastructure as a service (IaaS) offer so many benefits that more companies are adopting a hybrid data center strategy that mingles on-site resources with public and private cloud computing. With hybrid data center design comes a new set of security challenges, and a new way to think about security.
The Hybrid Explosion
Hybrid data centers have become commonplace with the explosive growth of SaaS. IDC predicted that 2015 would be a banner year for data center infrastructure, with total spending on IT infrastructure increasing 24.1 percent to $32.6 billion, while spending on traditional, non-cloud environments would decline by 1.6 percent. Spending on private cloud infrastructure will grow 15.8 percent year over year to $12.1 billion, and spending on public cloud infrastructure is expected to grow by 29.6 percent to $20.5 billion. An infographic from Raritan DCIM shows that spending on cloud SaaS between 2011 and 2016 is expected to grow at a compound annual rate of 27.4 percent for business service applications, 34.0 percent for content creation, 25.9 percent for content management, 23.4 percent for Enterprise Resource Planning (ERP), and 49.1 percent for office suites.
Virtualization helps data center managers get more value from hybrid cloud resources. By the end of 2012, 70 percent of enterprises were running some of their applications as virtual resources. Confidence in hypervisors and virtual machines (VMs) has increased over the last few years, and more business-critical applications are running in virtual environments. Virtualization is ideal for hybrid computing because it enables quick provisioning while consolidating servers and lowering operating costs. Virtualization also offers improved workload balancing and enhanced resilience and availability. Running VMs in the cloud offers even more benefits, because you only pay for virtual resources you use in a managed cloud environment. Load balancing is easier with virtualization, because you can scale based on performance requirements. The cloud offers scalability with less hardware and reduced costs.
However, combining a hybrid data center infrastructure with virtualization requires a new way of looking at data security. No longer can you protect data by building a moat around the data center.
Rethinking Data Center Security
When you are managing a stand-alone data center, managing security is straightforward. You protect your data assets with firewalls, antivirus software, and group policies and make sure your hardware is tightly managed. Compliance is easy, because IT knows how everything is secured.
With mobile technology and cloud services, IT no longer has total control of the infrastructure or the data. Mobile and remote users are extracting data from behind the firewall, and more companies and even individual departments are adding their own cloud resources to the mix.
VMs can reside anywhere in the cloud or in multiple locations. By migrating to cloud computing, the organization is putting its security in the hands of the service provider, and it’s up to the cloud provisioning company to guarantee secure access and management of data assets.
At the same time that cloud computing is taking off, IT managers are not considering security when migrating to the cloud. A survey conducted by Data Center Dynamics and Vanson Bourne revealed that while 95 percent said that security was an essential part of a virtual environment, 83 percent of organizations were still using the old security tools, such as antivirus and firewalls. The old “bolt on” solutions can’t secure data once they leave your control and move to the cloud.
Think Security from the Start
Security has to be part of the hybrid architecture from the outset. When designing a hybrid cloud system with virtualization, be sure to recommend the right preliminary steps to make sure that the virtual infrastructure is secure:
1. Be sure that the data center management team and information security team are involved in any virtualization project. Establish a common set of goals and be sure to consider security at each stage of the migration strategy.
2. Deploy the right security tools. Don’t try to retrofit tools that won’t secure virtual data. Consider new strategies such as better authentication and encryption.
3. Be sure to include intrusion detection and prevention, as well as integrity monitoring. About half of the professionals surveyed by Data Center Dynamics said that they discovered a data breach by accident, after the fact. The right monitoring tools will prevent an intrusion.
4. Consolidate security with one security model that spans the physical, virtual, and cloud infrastructure. Try to consolidate as much as you can in one console in order to simplify monitoring and management and tighten security. You may not be able to monitor everything through a single pane of glass, but the more you can consolidate, the better.
5. Security needs to follow the workload. Machines move in a virtual infrastructure, and security needs to follow the VMs, whether it’s from on premises to cloud or between cloud resources.
Hybrid data centers and virtualization can be powerful resources, but they also have to be secured differently. In the old-school data center, securing the hardware infrastructure makes sense, because you can control every aspect of the infrastructure. Once you start storing data assets in the cloud, you lose control of the infrastructure, so you have to secure the data itself and be sure that security follows the data throughout the virtual infrastructure.