Know your Data: Security

Security solutions today are designed for legacy three-tier architecture, and are not fully equipped to secure HCI

Hyperconverged infrastructure is a relatively new kid on the block, but this fledgling industry leads the pack at a CAGR of 26.6 percent with revenues slated to reach $7.15 billion by 2021. According to IDC, we can expect to see organisations in Asia Pacific migrating over 50 percent of IT in their data center and edge locations to a software-defined model globally by the end of 2019.

In a world driven by technology, digital transformation can make or break a business. As businesses continue to scale their offerings, software-defined storage solutions such as HCI can help promote cost-effectiveness, scalability and flexibility. However, we often find that security solutions today are designed for legacy three-tier architecture, and are not fully equipped to secure HCI. This means that traditional security tools are built for single threat vectors—either network, compute or storage—which may prove ineffective in a HCI environment that combines these components.

It is now more important than ever that data centers have solutions that are flexible to adapt to the changes and growth that comes with HCI. With data breaches fast becoming household news, with hackers targeting not just social networks, but organisations across industries. In fact, according to Black Hat Asia’s report – Cybersecurity Risk in Asia, nearly 70 percent of those surveyed expect a major data breach to happen within the next two years.

The impact of data breaches goes beyond financial—not only do they compromise intellectual property and cause the loss of information, it will also cost you the trust of your customers and reputational damage. Given the increasingly complex cybersecurity landscape, many government bodies are pushing out stringent regulations to stymie data breaches and its consequences—the latest being the European Union’s (EU) General Data Protection Regulation (GDPR). Every organisation dealing with the data of EU citizens is required to comply with GDPR, and a data breach caused by failure to comply can cost up to US$24 million in fines.

With HCI increasingly being deployed by organisations, how can they enhance the security of their HCI data centers and at the same time ensure compliance with stringent regulations? There may be no one-size-fits-all product or solution, but here are some good practices that organisations should keep in mind.

Go beyond software; hardware is equally as important 
With most security approaches focused on the software level, the hardware is often left vulnerable. Compromised hardware could mean that an organisation’s OS/software-level security measures on the server are easily bypassed—thus possibly creating a chain effect that affects other aspects of the data center. This may eventually evolve to something that is difficult to manage, and cybercriminals will exploit this fact. As such, it is important to keep in mind that server security needs to be built from the ground up across both hardware and software.

Secure data from deployment to disposal
Once data has been secured, do not forget about the disposal process. Every storage drive has a lifecycle, retiring and disposing old drives securely without compromising sensitive data is critical. The definite answer to ensuring data cannot be recovered and compromised from discarded hardware is destroying it. An example would be destroy-level sanitisation, destroying through going to industrial shredding and disposal sites where your hardware is physically destroyed. Alternatively, organisations could use self-encrypting drives that cannot be read without the encryption keys stored securely in the hardware. This means that the moment the drive is removed from power, it locks itself automatically and is secured.

Choose the right technology partner
The ideal technology partner not only provides great solutions, but also ensures compliance with a wealth of industry standards to ensure that your data is properly secured. An ideal partner should have an expertise in HCI—especially as legacy security methods can no longer be relied on since HCI is a flexible model. To cope with the rapid changes of a software-defined environment and stay ahead, new security models need to be as flexible as the underlying infrastructure.

With HCI being more prominent among organisations due to its significant benefits, protecting an organisation’s data and ultimately the overall business is now more important than ever. Always go back to basics and do not ignore hardware security – even though the focus is now on securing data on a software level. Ensure that security measures are up to date by working with the right technology partner, to optimise IT performance and grow business confidently.

-- Sumir Bhatia, President, Asia Pacific, Data Center Group, Lenovo.


Tags assigned to this article:
data security datacenter lenovo

Advertisement

Around The World