4 security management strategies for data center consolidation
If there’s one thing that best encapsulates the government’s age-old struggle between the desire for greater efficiency and the need for top-flight security, it has to be the Federal Data Center Consolidation Initiative (FDCCI).
Six years since the mandate was first introduced, the consolidation challenge continues with a superseding mandate -- the Data Center Optimization Initiative -- having recently been introduced.
While there have been some major wins, including billions of dollars saved and thousands of data centers shuttered, those wins do not change the fact that there are still major cybersecurity concerns surrounding the consolidation effort. According to a SolarWinds and Market Connections cybersecurity survey from earlier this year, these concerns mainly stem from incomplete transitions during consolidation and modernization projects, overly complex enterprise management tools and a lack of familiarity with new systems.
The fact that these concerns are still top of mind several years into the FDCCI is not surprising, considering the rapid evolution of the threat landscape. Today we have to worry about external hackers as well as insider threats, foreign governments and other bad actors. Layer that on top of increased network complexity, and it’s easy to understand why the problem not only still exists but seems to be getting more challenging every year.
Let’s take a look at four strategies federal network administrators can adopt to help circumvent this challenge and make their data consolidation efforts a little more secure.
1. Create a clearly defined organizational structure
A tool doesn’t know whether an anomaly is an outlier or a threat, but a person certainly does. That’s why any modernization or consolidation initiative must be approached from a people-first perspective.
Ultimately, everyone in an agency has a hand in data center operations -- not just IT administrators, but also developers, managers and executives. Accordingly, a clearly defined organizational structure will help ease teams into new processes. Each responsible party should be assigned unique responsibilities and remain in contact with each other. That way, if a breach or outage occurs, the team will be able to work together to address the issue.
2. Follow up with lightweight and flexible procedures
One of the goals behind the federal government’s modernization effort is to become more agile and flexible, but this should not be confined to hardware and software. Once the organizational structure is defined and it’s time to put processes and procedures in place, agencies should ensure they are highly flexible and can adapt to changing conditions.
Agencies with poor processes and procedures may be tempted to ramp up hiring or double down on implementing rigid processes, but these tactics can create more problems than solutions, resulting in overstaffing and impractical and constantly outdated procedures -- precisely what government is trying to avoid.
3. Encrypt and segment data at rest and in flight
Implementation of the FDCCI was driven by the enormous growth in the amount of government data. In the years leading up to the FDCCI announcement, that growth was so great that agencies were building data centers by the hundreds, which became untenable.
It goes without saying that all data, whether at rest or in flight, must be encrypted, especially as agencies continue their data center transitions. There are simply too many risks involved in the transition process itself -- too many places where data is vulnerable and too many opportunities for increasingly savvy hackers to access information left in the open. Once the data is at rest, there are still areas of concern, including insiders who may or may not have malicious intent.
Data segmentation is also critical, as it can limit the attack damage to a subset of data. Segmenting can reduce the potential for cascading -- and often catastrophic -- network failures. It’s another safety net that can minimize the risk of data leaks and ensure five nines of availability.
4. Automate security and gain complete control
As the amount of data increases and data center management becomes more complex, it’s no longer feasible to manually coordinate security processes. Therefore, all of the aforementioned strategies should be supported by software that automates data center security management.
Regardless of the size of the data center, administrators must implement solutions that can monitor applications and network activity and deliver patches and updates as necessary. These goals can be achieved with modern performance monitoring software that gives data center managers a complete view of the health of every aspect of their data centers, including compute, storage, network and applications.
Administrators willing to lay the security groundwork now will find their road toward data center consolidation easier to travel. Their efforts will also provide a solid foundation for managing what promises to be a tricky post-consolidation world -- where the amount of data continues to grow even as the number of data centers has shrunk.
Joe Kim is executive vice president engineering and global CTO at SolarWinds.