The data center of today is dynamic yet complex. The constant evolution of new infrastructure, applications, distributed systems, and users has made the demands on the data center acute. Add to that the heightened need for security. No matter where the data center is hosted, mission critical information must be secure, the data must be protected, and IT and security vulnerabilities proactively identified.
Many vendors operate in this space and it can be a challenge to retain the expertise to create a robust secure data center architecture integrating the right products from the right companies, rather than a selection of “point” products to address ‘point’ problems.
The architecture needs to provide complete visibility, minimise the attack surface and be able to quickly detect, block and respond to threats. The Cisco Secure Data Center Solution, combines the best of our security and data center products, integrated and architected to help organizations achieve greater availability, agility, and performance.
But where do we start? A secure data center as an outcome can only be achieved through an understanding of the current state of the data center, the need for compliance, business and technical goals, vision, business strategy and pain points. Then, together with knowledge of the strengths and weaknesses of particular combinations of available product and service solutions, a prioritized roadmap that will accelerate a transformation to and adoption of a truly secure data center can be developed.
As a company that majors on the design and implementation of both security, data center and networking infrastructure solutions, Cisco is uniquely placed to consult and advise on the combination as we understand the nuances and interactions that can occur when trying to build a data center architecture with security at its heart. Nobody deliberately deploys a security solution they expect to be compromised either by accident or malicious intent, but the impact of a security compromise in the data center can be enormous to a business’ momentum and reputation.
This is simply an area where the best advice is to get the best advice, and so I asked Brian Trevey and Saad Hasan, our resident Secure Data Center gurus, three simple questions:
Q: What is the number one security gap you think clients are overlooking in their data centers today?
Brian: Visibility in the hybrid-cloud environment when the public cloud can’t provide the traditional monitoring options. Secondarily, protection over data propagation in the hybrid-cloud environment to provide workloads with the unified policy.
Saad: The biggest risk clients are overlooking is malicious traffic hiding in the ‘noise’ of the data center. This could be low and slow attacks, command and control, or data exfiltration traffic. This may also be due to multiple monitoring solutions that do not provide complete coverage and understanding.
Q: If you wanted your clients to do just one thing to secure their data centers, what would it be?
Brian: Segmentation – both edge segmentation and micro-segmentation to protect sensitive data are critical components to securing a modern data center.
Saad: Increase their understanding of the traffic and application patterns within the data center to be able to proactively prevent malicious traffic.
Q: Data Centers are no longer physical, but data can be in the cloud as well, as you mentioned earlier. How does this impact how we think about secure data centers?
Brian: Centralized control is no longer a simple task to perform. System, Network, and InfoSec teams needs more visibility to monitor both private cloud and public systems. When an incident occurs, alerts should be generated for multiple teams to allow correlation and coordinated response to remediate the current threat and prevent the future threats.
Saad: A secure data center is policy driven based on the requirements of the business. That policy shouldn’t change based on where that policy is implemented. The policy is designed to meet the needs of the business and must to be faithfully and accurately implemented across any and all platforms that may support that business application. Only policy driven architectures are able to keep up with the changing demands of a secure data center.
With the Cisco Data Center Solution, you can get the most comprehensive security solution to secure the data center in a multi-cloud world. To learn more about how Cisco can help, explore our Secure Data Center solution.
And our best “best advice” for building a security strategy for your data center? Consider engaging our Security Advisory Services experts. Our experts focus on assessing your current business, compliance and technical environment; identifying key IT and security challenges; and recommend a prioritized secure data center implementation roadmap aligned to broader business goals and strategy.